North Colonie Central School District in New York is notifying some retirees that their personal information was inadvertently exposed on the internet for a period of approximately six weeks.
The breach occurred when a package of information the district made available to vendors to provide quotations on insurance services inadvertently failed to redact the names, date of birth, and Social Security numbers of retirees on one page of the 28-page package. The package was available on the internet from March 26 until May 4, when the error was detected. The letter by Assistant Superintendent Scott Hoot explains that the unredacted information would have been – and was – provided to vendors who wanted to bid on the contract, but the unredacted information should not have been on the internet.
The district is offering those affected one year of Experian’s IdentityWorks service, although they note that they have no evidence of any misuse of the information.
A copy of the notification letter was submitted to the Vermont Attorney General’s Office and is available online here.