The personal data of the state’s 30,000 employees was inadvertently exposed earlier this month when a master spreadsheet was shared with benefits administrators at Colorado higher education institutions.
After learning of the information breach on Oct. 7, the Colorado Department of Personnel and Administration immediately asked the 38 benefits administrators to delete the email and spreadsheet, which contained social security numbers, birth dates and other sensitive information of state employees eligible for short-term disability and do not all work at their schools.
There was no evidence “information was misused or compromised in any fashion,” according to a letter sent to the affected state employees by Kara Veitch, executive director of the Colorado Department of Personnel and Administration.
As is required by law, an organization that exposes private personal information must notify the victims and share ways to protect their private information. The letter provided numbers and links to the three credit reporting agencies that consumers can use to track potential identity theft activity.
Doug Platt, a spokesman for the Department of Personnel and Administration, said the administrators who received the spreadsheet are used to handling sensitive data and regularly receive similar information from the state.
The department has also taken steps to ensure a similar breach doesn’t happen again, but Platt did not have more information on the process.
“We believe it to be a very low risk release of information because it went to benefit administrators only within state government institutions and departments,” Platt said. “They’re accustomed to handling this information, and we addressed the release immediately.”
The incident doesn’t seem too concerning, said James E. Lee, Chief Operating Officer at the Identity Theft Resource Center, which tracks data breaches nationwide and has seen a decline in breaches so far in 2020.
“It’s not common, but it does happen,” Lee said in an email. “It used to be more frequent in the early days of data breach sensitivity. There is a relatively low risk in this specific case since the information was not sent to people outside the state government.”
Our articles are free to read, but not free to report
Support local journalism around the state.
Become a member of The Colorado Sun today!
The latest from The Sun
- What’s Working: A new $375 stimulus, small business grants and tales from Colorado’s unemployment queue
- Damn, Dem fundraisers! Please stop the emo emails, the fake birthday cards and the bomb clocks that never run down!
- Barbara Nickless juggled plot and backstory to create a tale inspired by an Army intelligence officer
- In “Ambush,” a detective seeks a young Iraqi boy with secrets — and so does a ruthless killer
- Opinion: Why COVID-19 might help schools overcome generational challenges