Site icon Liquidmatrix Security Digest

Dept of Administrative Services, Conn. Data Leak

From the Websense folks:

Personal information including names and Social Security numbers of 1,753 state employees leaked after it was posted to the Department of Administrative Services website. The personal information was included in a spreadsheet of vendors used by the state that was accessible to the public on the state web site. Officials believe the information was on the website since October 2003. After the leak was detected, the file was scrubbed. This leak was disclosed due to Connecticut’s S.B.650 which requires breach notification.

State officials claimed that the leak was not too serious because the Social Security numbers were displayed without hyphens and each had a numerical suffix attached, making them not easily recognizable.

The protocol was HTTP and the type data was NPI (e.g. customer data).

Article Link

[tags]Data Leak, Privacy, Data Breach, Websense[/tags]

Exit mobile version