Fluvanna SPCA Breaches 1,675 SSNs OnlineFOR IMMEDIATE RELEASE: January 5, 2011
Media Contact: Aaron Titus
TROY, Virginia. The Fluvanna SPCA has accidentally breached the names, addresses, phone numbers and social security numbers of 1,675 people online. In all, nearly 6,000 individuals who adopted a pet from the Fluvanna SPCA prior to 2007, owned a pet which stayed at the SPCA, or found a stray may have had their name, address, phone number and other personal information exposed online.
The SPCA has pledged to take "the necessary steps to address this information breach," which may include attempting to notify those whose social security numbers were exposed. Importantly, the SPCA no longer collects sensitive personal information from clients, and specifically purged all social security numbers several years ago. The breached records were old, forgotten backup files from prior to the purge. The volunteer responsible for the maintenance of the FSPCA's computers inadvertently made backups to his personal area on his employer's FTP server at the National Radio Astronomy Observatory (NRAO), which was unencrypted. The NRAO did not have any direct involvement in the breach. The information was removed from the FTP site immediately upon notification of this issue, and is no longer available.
The Excel files and Access databases were posted on a public, unencrypted FTP site without a firewall, and no password, and was accessible through a Google search for an unknown period of time. Between January, 2007 and late October, 2010 the files were theoretically available to anyone in the world with an internet connection.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.