6 Million Voters’ Social Security Numbers Exposed in Georgia Breach

Georgia Breach 2

Update: 10:00 a.m. ET: On December 4, Georgia Secretary of State Brian Kemp announced that victims of the Georgia breach would be eligible for one year of free credit and identity monitoring services. Services will provided by CSID and are set to become available within 10 to 14 business days.

Once available, voters may enroll by visiting www.sos.ga.gov. Please contact the agency directly at 404-654-6045 for more information.

Update: 9:00 a.m. ET: The Georgia Secretary of State has published an official breach notification on their website, as required by state law. The notice provides fraud protection advice and a dedicated hotline that has been established to aid concerned voters.

What happened?

Secretary of State Brian Kemp’s office is citing a clerical error following the unintentional released of 6 million Georgia voters’ personal information.

Each month Kemp’s office provides media outlets and political parties a CD-ROM of basic voter information. However, the October 2015 files included more sensitive data, including voters’ Social Security numbers, birth dates and driver’s license numbers.

While the sharing of basic voter information is allowed, the inclusion of more sensitive records is prohibited under Georgia’s open record laws.

Kemp’s office did not disclose the incident and quietly recovered the CD-ROMs from recipients. This discretion prompted two voters to file a class-action lawsuit stating a lack of proper notification.

Their attorney, Jennifer Auer Jordan, believes the office has shown negligence in resolving the matter.

“The idea that you can just go pick up a CD and somehow that ends the problem shows a lack of understanding about technology and hacking and exactly what needs to be done to secure data nowadays,” she said.

The employee responsible for the breach has since been terminated and Kemp has since released a statement that all CD-ROMs have been returned or destroyed. However, a journalist from the Peach Pundit who received a disk, stated in his personal account that he just signed a waiver stating he had previously disposed of the disk so there is a significant level of trust involved in that statement.

What should you do?

Since this information was distributed to a small group of professionals, the risks may be low but are still present. Consider placing a credit freeze or 90-day fraud alert on your credit file to prevent new lines of credit from being opened in your name.

Phishing scams will likely pose the largest threat following this breach. Be wary of personal requests via phone, email or mail — especially if they pertain to identity theft protection or confirmation of exposed information.

Fighting Identity Crimes will keep you updated as new information becomes available about the Georgia breach. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is Corporate Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.