Nashville accidentally publishes Social Security numbers of identity theft victims

The government of Nashville and Davidson County discovered exposed information on the criminal court clerk's website and took it offline four days later.

Residents in the Nashville area who recently went to the police because they were worried their identities had been stolen are about to get some bad news.

The metropolitan government of Nashville and Davidson County has announced it accidentally published criminal affidavits that included sensitive information of an unidentified number of residents. The documents included Social Security numbers and included affidavits both of those charged with crimes and those who are “an alleged victim of identity theft.”

The office of Davidson County Criminal Court Clerk Howard Gentry said on Monday that officials are “taking action to review and remedy” the accidental data exposure.

The office says it doesn’t know how many people were affected by the incident, but the Tennessean reported that about 5,400 affidavits have been identified as potentially having a Social Security number or driver’s license number included in the published documents.


The local government states in a press release that it first discovered the issue on July 30 and removed all criminal records reports from the Criminal Court Clerk Office’s website on Aug. 3.

“I want to make sure everyone understands that we are taking this very seriously, and we will take all appropriate steps to protect those residents whose personal information was made vulnerable,” Mayor David Briley said in a press statement.

The city-county states in its press release that one day after discovering the exposed information, it issued a reminder to the Metropolitan Police Department that sensitive information like Social Security numbers and bank account numbers should not be included in arrest affidavits. From now on, any affidavits filed with sensitive personal information will be sent back to officers for editing, Judge Melissa Blackburn ordered on Aug. 7.

“It is regrettable this information was made publicly available, and it absolutely should not have happened,” Gentry said in a statement. “We are looking into the scope of the breach, including the Metro agencies and individuals involved, and will be relying on the services of a third-party vendor to help with the investigation.”

Those affected will be notified within 45 days, the government says, and will be offered one year of free credit monitoring and identity theft protection service.

Colin Wood

Written by Colin Wood

Colin Wood is the editor in chief of StateScoop and EdScoop. He's reported on government information technology policy for more than a decade, on topics including cybersecurity, IT governance and public safety.

Latest Podcasts