Metro agency leaks Social Security numbers onto Internet

Monday, August 10, 2009 at 3:20pm

Names and Social Security numbers of 160 customers of the Metro-run career services agency were exposed via the Internet, according to a press release sent Monday.

The Nashville Career Advancement Center said a weakness in its Web site left the personal information exposed. Paul Haynes, the agency’s executive director, said it is believed that none of the customers had their personal information accessed. The agency is offering free identity protection through Debix for one year.

The security weakness was identified on July 16, after one of the agency’s customers received a spam e-mail claiming their contact info was found on the Nashville Career Advancement Center’s Web site.

A review of the agency’s Web site applications was conducted by the Metro Information Technology Services department. A third party computer forensics consultant was engaged as well to check for “potential unauthorized access,” Haynes said.

The private information was exposed over Google, but Haynes said the search engine Web site agreed to remove the content from its site.

“The agency takes this matter extremely serious and will not re-establish full Web site functionality until the security consultant and Metro Government’s Information Technology Services are confident in the integrity of the security,” Haynes said in a statement.

The Nashville Career Advancement Center provides career development and training. The agency maintains an operating budget of $7 million, almost all of which comes from federal funds.

1 Comment on this post:

By: govskeptic on 8/12/09 at 8:10

Protection through Debix is both cheap and worthless. It is used as a scapegoat for agencies like this all over the country to cover up incompetence.