14 DAY TRIAL // Personally identifiable information of 13,000 Floridians has been leaked to individuals requesting historical records preserved by the Bureau of Archives and Records Management.
The blunder is connected to the one of former Florida Governor Jeb Bush, who in February published on his website emails received while in office, between 1999 and 2007.
The documents were completely unredacted and contained sensitive information such as social security numbers (SSNs) and dates of birth, as well personal details of the senders.
Highly sensitive info leaked to the public
Although an active governor’s correspondence is considered to be public record, some data is protected by law and exempts from being released in the clear.
The emails were taken down and processed, but it appears that some individuals requested and received unredacted copies of them from Florida’s Bureau of Archives.
“Individuals potentially affected by this inadvertent disclosure of confidential information, which was released as part of recent public records requests, include approximately 13,000 persons on a wait list for developmental disability health care services from 2003, whose names, dates of birth, and social security numbers were included in an email,” Florida Department of State says in the notification disclosing the inadvertent data leak.
The period of the leak has not been disclosed, and impacted individuals have not been notified via individual letters, but anyone who believes their info was exposed is advised to contact the Department.
Free identity protection offered for one year
If their SSN was leaked, they are entitled to a free subscription to an identity protection service for a period of one year. Upon determining that the data was indeed inadvertently disclosed, they will receive instructions on how to activate the protection service.
SSNs, names and dates of birth are a combination most coveted by cybercriminals because it can be used for credit fraud and false tax filing.
The IRS announced on Tuesday that authentication to the Get Transcript online service was bypassed by unknown individuals seeking information for fraudulent tax refunds.
Registering for the Get Transcript service required an SSN and answering a few personal questions. The perpetrators managed to access tax accounts of more than 100,000 individuals, out of the 200,000 targeted.