Georgia employee fired for releasing voter data
ATLANTA — Georgia’s secretary of state said Thursday that he takes “full responsibility” for more than 6 million voters’ personal information being released to media and political parties and has fired an employee who he said is at fault.
Secretary of State Brian Kemp said in a statement that as of Thursday morning, all 12 discs containing sensitive information had been retrieved or destroyed.
“My staff has verified with the media outlets and political parties that received these discs that they have not copied or otherwise disseminated confi- dential voter data to outside sources,” he said. “I am confident that our voters’ personal information has not been compromised.”
But at least one person who said he regularly receives the file told the Associated Press on Thursday that he threw the October disc away before an investigator with Kemp’s office asked that it be returned. Kemp spokesman David Dove said the office considers that disc “disposed.”
A lawsuit filed this week revealed what Kemp said his office learned on Friday — that Social Security numbers, dates of birth and driver’s license numbers for 6.1 million registered voters was included in a voter file provided last month to 12 organizations.
That’s among the largest breaches affecting states, if not the largest, according to a timeline kept since 2005 by the Privacy Rights Clearinghouse. South Carolina in 2012 discovered that unencrypted data from tax returns was hacked from its Department of Revenue, affecting 3.8 million adults, 1.9 million dependents and 700,000 businesses. The state spent nearly $50 million on credit monitoring services.
Paul Stephens, director of policy and advocacy at the Privacy Rights Clearinghouse, said the information released in Georgia can cause more serious issues than recent commercial breaches at retailers including Target. Those involved debit or credit card numbers, allowing consumers to catch fraudulent charges.
“You’re not going to find out that somebody has obtained a credit card in your name,” Stephens said. “They will go out, run up a big bill and when it’s not paid, a collection agency comes looking and finds you, not the crook.”
Stephens recommended a security freeze or fraud alert available through the three official credit reporting agencies.