Data security breach reveals private information of 62 Oregon Department of Transportation staff

Data security breach reveals private information of 62 Oregon Department of Transportation staff

The personal data of 62 people stored by the Oregon Department of Transportation was erroneously placed on a public FTP server, the agency acknowledged in a statement this week.

The file in question was brought to the attention of ODOT, the agency said, by a citizen who emailed the Ask ODOT address saying that the contents of a file in publicly accessible storage appeared to be encrypted Social Security numbers. The SSNs were apparently those of current and former employees who had worked on ODOT's environmental programs.

"Placing a file containing personally identifiable information in a public location violates state and agency policy. We believe the file was placed there in error. We are asking all managers to review ODOT information security and records retention policies and procedures with their staff to reduce the possibility that this could happen again," said ODOT deputy director of central services Clyde Saiki.

The file was removed immediately after the mistake was realized.

Data security is a particularly important consideration for government agencies, since they routinely deal with highly sensitive information, experts note.