IDOC: Employees' data inadvertently released in response to inmate's FOIA
CHICAGO (Sun-Times Media Wire) — The state’s Department of Corrections is releasing new details Friday about a data breach that released Social Security numbers and other personal information about more than 1,000 of its employees.
The personal data of employees working at the Lawrence and Dixon correctional centers was inadvertently released in response to a Freedom of Information Act request, IDOC Acting Director Gladyse Taylor said previously.
Employees’ names, ranks, salaries and job duties also were released in addition to the Social Security numbers, the department said. IDOC learned about the data release Aug. 15.
An investigation has since revealed that a private citizen filed the FOIA request on behalf of an IDOC inmate, asking for the names, ranks and salaries of employees who worked at those two facilities during Fiscal Year 2015, the department said Friday.
“Human error” led to the personal information being included in the department’s response without redaction or a full review, according to IDOC.
The civilian said he never looked at the multi-page FOIA response before mailing it to the inmate, IDOC said. The prison’s mailroom staff discovered the error during a routine inspection of incoming mail.
Staff immediately secured the documents in the facility’s vault, IDOC said.
The civilian said he was unaware the department’s response contained the personal data, and he agreed to take a polygraph test that determined he was telling the truth, the statement said.
The department found no employee data in the inmate’s cell, and reviewed the inmate’s recent phone conversations, the statement said. They did not contain any mention of obtaining employee Social Security numbers.
Affected employees will receive free credit monitoring services, IDOC said.
“We are conducting a full audit of our FOIA unit and will implement streamlined procedures to prevent further inadvertent disclosures,” the department said.