Thursday, December 5, 2013
By Matt Byrne firstname.lastname@example.org
CUMBERLAND — Cumberland officials are trying to determine how 275 names and Social Security numbers of current and former town employees were posted to the town's website.
Town Manager Bill Shane said the breach was discovered Jan. 9 by an employee who Googled a name, found the personal information publicly available, and notified Shane.
The town's website was quickly shut down.
Within 30 hours the data had been scrubbed from the Internet, Shane said.
However, Shane said the list -- originally filed with the state in 2008 for unemployment insurance purposes -- could have been available for as long as four years.
It included information on rank-and-file workers, all the way to town councilors and Shane himself, he said.
"No one really escaped this event, unfortunately," Shane said.
"It's pretty frustrating, to be honest, when you don't know how or why."
Security experts are still trying to determine how the document landed on the website.
The town is employing the company that normally administers the site to do a full security evaluation, he said, a service that is estimated to cost less than $5,000.
After the discovery, Shane sent letters to all 275 employees whose information was released.
He apologized for the breach and said the town would pay for three months of credit checks, and offered to make an attorney available to answer questions about legal ramifications.
Shane said no one has come forward to say their identity has been stolen, and new protocols have been developed so that he and three other administrators have "veto power" over any documents uploaded to the website.
"I think we've done all we can to contain the damage, and hopefully we're on the right track to improving the system security," Shane said.
One town councilor, William Stiles, who received the letter and whose name was on the list, was nonplussed by the revelation that his name and Social Security number were left vulnerable in cyberspace.
He said he received similar notifications in 2008, when 4.2 million credit card numbers were stolen from Hannaford stores, and again in 2012, when TD Bank lost data tapes with sensitive customer information.
"Ho hum," Stiles said, flatly. "Am I concerned? Yes, but I do everything I can to protect (my information). Some things are beyond your control and you have to deal with it."
Staff Writer Matt Byrne can be contacted at 791-6303 or at: