Informants' Info Revealed in Colorado Sheriff's Office Leak
The sheriff's office of Mesa County, Colo., has accidentally made its online database public, revealing the names, phone numbers, addresses and Social Security numbers of suspects and victims involved in criminal investigations, as well as the personal information of confidential drug informants.
The information breach, which was first reported by NPR, occurred in April when a Mesa County information technology employee moved the online database to what he believed was a new storage server.
The IT employee responsible for the mistake "had access to the data, and was moving it for a legitimate purpose," when the error occurred, said Heather Benjamin, public information officer for the Mesa County sheriff's department.
In the process, some of the data -- including the personal information of more than 200,000 people -- was uploaded to a non-secure part of the county's file transfer protocol (FTP) server.
Authorities discovered the breach on Nov. 24. In the time the information was on the non-secured FTP site, it was viewed "several times," said Jessica Peterson, Mesa County public relations director.
The FBI is working with the sheriff's department to determine who accessed the sensitive information.
"We are working to quickly identify anyone who might be affected by this as soon as possible, and will notify them as necessary," Mesa County Sheriff Stan Hilkey said in a press release.
Open access to such sensitive information poses a twofold threat, Benjamin said.
Along with the potential for fraud and identity theft against those whose information was made public, "in law enforcement we don't want criminals to know where our families are. That's a big concern," Benjamin told SecurityNewsDaily.
In the wake of such a potentially devastating breach, Mesa County has taken steps to enact stricter security policies regarding its internal data.
Peterson told SecurityNewsDaily that the county IT department has put in place a new procedure that requires anybody working on this type of software transition to get approval, before moving data, from their IT supervisor and a representative from the specific department whose information is being moved. Non-secure sections of the county FTP site are also being regularly monitored.
"This is not something we wished would ever happen," Peterson told SecurityNewsDaily. "Our IT department is working to mitigate any damage."
Peterson said that the employee behind the security error had been working for the county "for a long time," but is no longer employed by Mesa County.