Arkansas Psychology Board: 284 Identities ExposedFOR IMMEDIATE RELEASE: September 30, 2007
Media Contact: Aaron Titus
LITTLE ROCK, Arkansas. Between about May 21-31, 2007, the Arkansas Psychology Board posted an Excel file online that contained the names, dates of birth, social security numbers, addresses, email addresses, licensure and other information of 284 Arkansas licensed psychologists. Even after the file was removed, a cached Google copy of the file was discovered on June 5, 2007. Many victims of this breach were notified directly. According to an affected phsychologist, the Arkansas Board of Examiners confirmed that the file had been accessed multiple times during the sensitive period.
In a special session, the Arkansas Psychology Board (APB) unanimously approved paying more than $13,000 for "top-of-the-line" credit monitoring plans from Equifax, which would cover the affected psychologists and their spouses. Though the Board's investigation found no indication of a cover-up, the problem was caused by a "systems failure" among staff, a contracted software company and the web hosting agency, which eventually caused a delay of 11 days before official notification. Though the information was intended to be shared with Arkansas Child Protective Services pursuant to a 1997 "dead-beat dads" law, this was the only time Psychology Board Staff had placed the information online.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.