|
IDOC Data Breach
Send a link to a friend
[August 24, 2015]
On August 14, the IDOC discovered
that the names, job ranks/positions, salaries and social security
numbers of more than 1,000 employees were inadvertently transmitted in a
FOIA request that was released to a private citizen. We immediately
notified the affected employees and took steps to ensure that their
identities and credit would not be further breached. Each of them will
be offered free credit monitoring services.
|
|
 As a result of the data release, we launched an internal
investigation and discovered that the private citizen who requested
the information was doing so on behalf of an IDOC inmate. The error
was discovered after the civilian mailed the response to the inmate.
Mailroom staff intercepted the package during a routine inspection
of incoming mail. The documents were immediately secured in the
facility vault.
We interviewed the inmate who was the intended recipient of the
information and conducted a search of the inmate’s cell. No employee
information was discovered in the cell. We also reviewed the
inmate’s recent phone conversations, which did not reveal any
discussions about obtaining employee social security numbers.
 Our staff interviewed the civilian who issued the FOIA request for
the names, ranks, and salaries of employees who worked at Dixon and
Lawrence Correctional Centers during Fiscal Year 15. The civilian
stated that he never looked at the multi-page FOIA response and was
unaware that it contained personal information. He agreed to a
polygraph test and tested truthful to the above statements.
[to top of second column] |
Preliminary findings suggest that human error led to the information
being released without redaction or a full review. We are conducting
a full audit of our FOIA unit and will implement streamlined
procedures to prevent further inadvertent disclosures.
[IDOC News Release]
 |
