Dekalb School District Posts 397 Employees' Insurance Info, SSNs Online
FOR IMMEDIATE RELEASE: October 8, 2008Media Contact: Aaron Titus
(202) 669-2969
RAINSVILLE, Alabama. On November 29, 2007 the Dekalb County Schools Human Resource Department uploaded nine files to the website, dekalb12.org, which included change of address and resignations forms, and also a file named "INVOICE.xls." This file contained the names and employment information of 397 current and former Dekalb County Schools employees, including 135 social security numbers.
The file is a log of monthly insurance allocations with PEEHIP between August 2004 and July 2005, and includes indication of claims for basic, dental, cancer, indemnity, or vision health insurance. This means that, among other things, information about a person's cancer treatment was available to anyone in the world. Excel lists the author of the file as "Betty Dupree," although it is impossible to tell who uploaded it to the internet.
By putting this information online for more than seven months, the Dekalb County schools have put their employees at severe risk of identity theft and other forms of fraud and embarrassment. In a July 13 e-mail to the Liberty Coalition, Superintendent Charles D. Warren indicated that the school board would "take whatever steps are necessary to inform our employees (and former employees) as to this breach."
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
About NationalIDWatch.org
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.