43 South Florida Workforce Participants' Personal Information OnlineFOR IMMEDIATE RELEASE: January 22, 2008
Media Contact: Aaron Titus
MIAMI, Florida. South Florida Workforce, a job and career services organization, posted the names and personal information of 43 of its participants on its website. The Liberty Coalition discovered an Excel file posted on a public document sharing site containing an internal trouble ticket log with 43 names and the last four digits of social security numbers. Three of the participants' names and full social security numbers were exposed. Businesses extend credit based upon the last four digits of the social security number, and some financial institutions use it as a password, making it an extremely sensitive piece of information. By placing this information online, South Florida Workforce has put these individuals at increased risk of identity theft and other types of fraud.
According to the server, the file was placed online March 2, 2007. It appears to be clear from search engine caches as of January, 2008.
According to one employee, when a participant calls with a problem, South Florida Workforce routinely records that person's name and Social Security Number in internal documentation. In this instance, some of that documentation was accidentally placed on a public website. The Liberty Coalition recommends that South Florida Workforce immediately change its policy of using social security numbers to identify participants internally.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.