IDOC Data Breach

Send a link to a friend  Share

[August 24, 2015]  On August 14, the IDOC discovered that the names, job ranks/positions, salaries and social security numbers of more than 1,000 employees were inadvertently transmitted in a FOIA request that was released to a private citizen. We immediately notified the affected employees and took steps to ensure that their identities and credit would not be further breached. Each of them will be offered free credit monitoring services.

As a result of the data release, we launched an internal investigation and discovered that the private citizen who requested the information was doing so on behalf of an IDOC inmate. The error was discovered after the civilian mailed the response to the inmate. Mailroom staff intercepted the package during a routine inspection of incoming mail. The documents were immediately secured in the facility vault.

We interviewed the inmate who was the intended recipient of the information and conducted a search of the inmate’s cell. No employee information was discovered in the cell. We also reviewed the inmate’s recent phone conversations, which did not reveal any discussions about obtaining employee social security numbers.

 

Our staff interviewed the civilian who issued the FOIA request for the names, ranks, and salaries of employees who worked at Dixon and Lawrence Correctional Centers during Fiscal Year 15. The civilian stated that he never looked at the multi-page FOIA response and was unaware that it contained personal information. He agreed to a polygraph test and tested truthful to the above statements.

[to top of second column]

Preliminary findings suggest that human error led to the information being released without redaction or a full review. We are conducting a full audit of our FOIA unit and will implement streamlined procedures to prevent further inadvertent disclosures.

[IDOC News Release]

Back to top