Government officials should be more open with their records, but this is taking it a bit too far.
The Associated Press reports Georgia's secretary of state accidentally mailed out 12 CDs to different organizations, each of which contained the social security and driver's license number of every registered voter in the state. A full list of the organizations who have received the CDs is not available, though the Atlanta Journal-Constitution, the state Republicans and Democrats, and Georgia GunOwner magazine are among the recipients.
The Secretary of State's office gives some public information on voters to local media companies and political groups for free, and to others for a fee of $500. That information, per the AP, is only supposed to include name, residence, mailing address, race, gender, voter registration date and the last date the person voted. But October's data blast to 12 different organizations contained the bonus, confidential information without any sort of encryption.
The data breach is basically an identity thief's dream come true. Having the names, home addresses, date of birth, race and gender of 6 million people synced up to their social security number and driver's license offers nearly limitless possibilities in the wrong hands.
The Atlanta Journal-Constitution was one of the media outlets that received the additional records. They confirmed that the leak was legitimate by looking up one of their own staff members. Sure enough, his social security and drivers license were in the file. They promptly returned the disc to the secretary of state.
Secretary of State Brian Kemp released a statement on his website acknowledging the data breach and blaming it on a clerical error.
“Upon learning of this mistake, my office took immediate corrective action to retrieve the discs and to confirm the recipients had not copied or otherwise disseminated the data,” Kemp wrote.
Although earlier Kemp did not respond to The AP's questions on whether all the discs were accounted for, Kemp now says they've verified the location of each disc and confirmed no data was retained or disseminated by the organization that received it. Given that an unencrypted file on a CD is as easy to steal as right-click, copy, right-click paste, that sounds like a difficult thing to confirm.
It's okay, though! I'm sure the information is safe in the hands of Georgia GunOwner magazine. Although, the magazine has not yet acknowledged receipt of the data on its website: It would need a website first.