Metro News Release
For immediate release: July 14, 2008
Metro accidentally releases workers' Social Security numbers
Transit agency offers identity theft monitoring services to affected employees
Metro has advised nearly 4,700 past and present employees that their social security numbers were published accidentally on the transit agency’s Web site last month.
The information was posted between June 9 and 25 as part of a solicitation from Metro to companies interested in providing worker’s compensation and risk management services. The document mistakenly included the social security numbers of 4,675 employees. A smaller group of employees had their names and social security numbers posted in the lengthy document. Metro officials continue to analyze the information for any other data breaches.
Letters warning of the breach were sent out to the affected employees. The letter urges employees to watch their credit reports for signs of identity theft. The agency is offering the 4,700 employees one year of free credit report monitoring, $25,000 in identity theft insurance and counseling services. An internal Web site also was set up for employees to verify if they were affected. Former employees who have not received a letter but still want to verify if their information may have been released, can contact Metro at 202-962-2297.
“We deeply regret this incident, and believe the likelihood of misuse of the information is low,” said Metro Chief Safety Officer Ronald Keele. “However, we have taken additional steps to protect employee information by bolstering Internet security and requiring more checks and balances of materials before they are being released publicly.”
Metro officials say they are not alone in this type of data breach. According to the Identity Theft Resource Center, data breaches at businesses, governments and universities were up 69 percent in the first half of 2008 compared with a similar period in 2007. The nonprofit fraud prevention group found 15 percent of reported data breach cases were caused by the inadvertent posting of personal and financial data online.
News release issued at 4:51 pm, July 14, 2008.