December 3, 2008
The Agency for Workforce Innovation Continues to Take Action to Address Computer Security Breach
The Agency for Workforce Innovation is continuing to take action to address a security breach that recently occurred on a test server. Upon discovery, the Agency immediately contacted the appropriate law enforcement agencies, began a thorough investigation and promptly coordinated with all major external search engine companies to ensure the information was no longer accessible to the public. The Agency has no reason to believe any personal information has been accessed for unlawful purposes.
“We are committed to serving the people of Florida and to maintaining the public trust at its highest level,” said Monesia T. Brown, Director of the Agency for Workforce Innovation. “We are thoroughly investigating this matter and are making every effort to enhance the security of our computer systems.”
The security breach occurred on an Agency test server for 19 days in October 2008 and resulted in the exposure of the names and Social Security Numbers of approximately 250,000 customers who received services through Florida’s One-Stop Career Centers between January 2002 and November 2007.
The Agency is also taking the following actions:
- Notifications are currently being mailed to the affected customers.
- A complete review of the Agency’s technology policies and procedures is underway.
- All affected partners are being notified to ensure optimal customer service and assistance to concerned Floridians.
- Management teams are continuing to work diligently to protect the confidentiality of stored personal data.
To protect against identity theft, the Florida Attorney General’s Office recommends concerned Floridians should:
- Carefully review credit and debit card statements and monitor all transactions. If unauthorized activity is detected, they should immediately contact their card company and/or bank.
- Learn about preventing identity theft by visiting the Florida Attorney General’s website, at: http://www.myfloridalegal.com/identitytheft, and clicking on the Fraud and Scams link under Consumer Protection.
- Access a free credit history report and information on how to place a free fraud alert on their files in national credit databases. Additional information on establishing free fraud alerts from the three credit bureaus may be accessed using the links below:
For additional information on Florida law relating to consumer credit freezes, click here.
- What happened?
- The Agency for Workforce Innovation inadvertently placed confidential information belonging to a group of customers who had previously received workforce services onto an external test server.
- How many people were affected and how many were Floridians?
- Approximately 250,000 people were affected, all of whom were Floridians.
- What information was made accessible?
- Information that was inadvertently placed on the test server included names and social security numbers of these individuals.
- How did the breach occur?
- The information was inadvertently placed on a test server that the Agency was working with, and was made available to the public for a short period of time.
- Was the information posted to a public website?
- No, the information was never posted to a public website. It was, however, accessible by search engines during the time it was public.
- When was the information posted and when did the breach occur?
- The information was inadvertently posted in mid-October 2008.
- What are the dates of the customer files and whose files were affected?
- The affected customer files include those of people who received services through the workforce system’s One-Stop Career Centers between January 2002 and November 2007.
- Fewer than ten percent (10%) of the total number of customers the Agency’s workforce system served during that time were affected.
- How long was the information accessible?
- The information was posted for approximately 2½ weeks.
- What steps has the Agency taken to fix the breach?
- Immediately upon being discovered, the Agency removed all public access to the information. We also immediately coordinated with all the major external search engine companies to ensure the information was removed from any stored databases (or caches) on the Internet.
- How and when will affected individuals be notified?
- A letter to affected customers has already been developed and is in the process of being mailed.