Clients of the Maryland Department of Human Resources are now at greater risk for identity theft.
According to a report in the Baltimore Sun, an employee of the state's DHR was placed on administrative leave after they posted the Social Security numbers and other personal information of close to 3,000 clients on a third-party website. While there is no evidence that the information was used for identity theft, the department, which administers food stamps and other aid, will provide affected clients with a year of credit monitoring free of charge. A spokeswoman for the department noted that the employee is on leave and could face disciplinary action.
The report said that the DHR has already mailed out letters informing those affected of the data breach even though it is not required to do so.
The Sun also said that the breach was first discovered by the staff at a nonprofit group called the Liberty Coalition, which found that the sensitive personal information had been posted on April 27 and stayed up until July 14. While it tried to notify DHR officials on July 9, they were not successful until three days later. The data was finally taken down two days after that.
In a separate report on the crime, the Sun also noted that while the DHR said it doesn't know that the information has been used for identity theft, Aaron Titus, privacy director for the Liberty Coalition, said that it's not as though any potential scammers are likely to admit to their crimes.
"It's rather silly," he said. "Of course they don't have any evidence, because identity thieves don't tell them."
In fact, the report said, the data was easily discovered by a simple Google search, meaning that more than just a select number of criminals specializing in identity theft had access to it. Titus also said that while it's good that the DHR is offering free credit monitoring, that may not be enough for consumers to protect themselves at this point. Because their personal information was online for so long, they should also contact the major credit bureaus to place a security freeze on their accounts. Such a move would prevent the data from being misused. While this normally costs $5, it is free for victims of identity theft thanks to a Maryland state law.