The information was inadvertently made public on a third-party website. The contractor who made the error was fired.
Maine’s information technology office is informing approximately 2,100 residents that it accidentally exposed their private information online for a brief period in September, the Portland Press Herald reported on Monday.
The compromised data included names, addresses and Social Security numbers of people who receive foster care benefits from the state, as well as the names of children and legal guardians, according to a letter from Maine Chief Information Officer Jim Smith informing affected individuals.
The breach was the result of human error by a contractor hired by the Maine Office of Information Technology. During a system upgrade on Sept. 21, the contractor posted the information to “a third-party website outside the State of Maine system,” the letter says. The information was available publicly on that website, which is not identified in the letter, for about four and half hours. Smith says OIT received confirmation from the third-party website that all the personal information was wiped after the incident.
Smith says in the letter that the personal information was accessed one time during that period, but that “there is no indication that there is any intent by a third party to misuse your personal data.” He does not explain where that assurance comes from.
The Press Herald Reported that the contractor who made the error was fired.
As a result of the incident, Maine is offering one year of free credit monitoring for those affected from AllClearID. OIT is also recommending that those affected request fraud alerts with the three major credit reporting companies: Experian, TransUnion and Equifax.
While the scale of the incident doesn’t compare to the 145.5 million people affected in the Equifax breach from earlier this year, it bears some similarity in that both incidents were the result of human error.