City employee Social Security numbers exposed in data incident
For more than two months, sensitive personal information of more than 7,000 current and former City of Cleveland employees was inadvertently included in a Request for Proposals (RFP) on the city's public-facing website where it seeks vendors for projects.
Driving the news: The city announced the "data incident" last week in a press release.
- The city said it was unlikely any of the exposed information, including Social Security numbers and prescription drug service histories, was "actually compromised."
- But it said it would provide two years of credit protection and identity theft insurance to affected employees, free of charge, out of an abundance of caution.
Why it matters: Though the incident was not the result of compromised cybersecurity, the Bibb administration is demonstrating its commitment to transparency.
- Between the lines: Axios obtained the city's internal communications to employees about the incident, which — apart from instructions for follow-up action — was virtually identical to the public press release.
What happened: A contractor posted the RFP for health care provider services to the city's website on Oct. 14, 2022. The personal information contained in multiple attachments was discovered on Dec. 20 and taken down immediately.
- Credit card information, banking information, and other medical test and treatment records were not exposed.
What's next: The city said it would review its policies for RFP postings and work with third-party associates to apply additional protocols and training regarding information privacy practices.
More Cleveland stories
No stories could be found
Get a free daily digest of the most important news in your backyard with Axios Cleveland.