Press Release from Ed Hatchett, Release Date: March 7, 2001 | Commonwealth of Kentucky |
|
(Frankfort - March 7, 2001)
Two incidents last week prompt Auditor of Public Accounts Ed Hatchett to issue this identity theft advisory to citizens and state government employees.
On February 28, auditors discovered a state government web site containing the names, social security numbers, addresses, and other personal information for thousands of professionals licensed by the Commonwealth. The eleven folders viewable in clear text contained data for every Kentucky veterinarian, social worker, psychologist, geologist, and occupational therapist, among others. Access to this personal, confidential information was easily gained by Internet users employing a common protocol. Following its discovery, the Auditor of Public Accounts notified the Governor's Office for Technology, and the site was shut down. On March 2, auditors identified a file folder on another state government web site containing the Master Position Listing and Summary, a listing of the names, social security numbers, positions, salaries, and other personal information for all state employees. The confidential portions of these data were easily accessible both to users of the Commonwealth's network and Internet users. Upon advice of the Auditor of Public Accounts, the file was taken offline. Two characteristics of Kentucky state government pose a serious risk to the security of the personal data of our citizens. The first is Kentucky's reliance on social security numbers as a unique identifier for government programs. The second is the vulnerability of state government's computer systems to attack. In combination, these characteristics greatly increase the threat of identity theft to our citizens. The Office of Auditor of Public Accounts performs random testing of state government information systems in order to protect public assets and safeguard the personal, confidential data of citizens and public employees. |
|
|
|