DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MI: Bloomfield Hills Schools exposes employees’ names and Social Security numbers to parents

Posted on March 22, 2011 by Dissent

Bill Laitner reports that a response to a freedom of information request provided more information than it should have:

The Bloomfield Hills School District accidentally revealed the names and Social Security numbers of 321 employees to two district parents who requested the number of staff whose salaries and benefits totaled $100,000 or more.

When parent Chris Fellin, 50, of West Bloomfield found the confidential data, partially hidden on a Microsoft Excel file, he said he informed Superintendent Rob Glass in person March 12.

But Fellin said Monday he was furious that the district named him and resident Pradeep Mehra in a March 15 letters to employees without properly explaining that they were innocent recipients of the district’s mistake.

[…]District officials said the letter to staff included the names of Fellin and Mehra to give a full explanation of what happened.

“If your Social Security number gets revealed, it’s reasonable to tell people who has it,” said Betsy Erikson, spokeswoman for the school district. “This is a situation that is very regrettable and we took quick action. We found out about it on a Saturday, took action on a Monday to protect our people and by Tuesday we drafted 321 letters.”

Fellin is a frequent critic of the district who routinely requests cost data. He sued the district in 2009, protesting the closure of Pine Lake Elementary School near his home. Fellin’s son, 17, is a student at Andover High School, and his daughter, 19, is an Andover graduate, he said. Mehra ran unsuccessfully for school board in 2008.

Read more in the Detroit Free Press.

Well, here’s an interesting question for those of us who routinely request or encourage more details in breach notices.  Should the district have identified the recipients of the SSN by name or should they have simply written “two parents who had obtained the information due to our error in responding to Freedom of Information requests?”  Are these parents more likely to experience retaliation as a result of the disclosure of their names?  The name of the requestors under FOI is a matter of public record, but do you agree with how the district handled this disclosure?

Category: Breach IncidentsEducation SectorExposureU.S.

Post navigation

← UK: Security scare as council loses memory stick containing medical info and access codes to the homes of thousands of vulnerable people
ICO confirms another data breach fine in the offing →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.