State prison officials blamed “human error” Friday for a data breach that released Social Security numbers and other personal information about more than 1,000 of its employees.
Data about employees working at the Lawrence and Dixon correctional centers was inadvertently released in response to a Freedom of Information Act request, the state Department of Corrections first announced last week.
An investigation has since revealed that a private citizen filed the FOIA request on behalf of an inmate, asking for the names, ranks and salaries of employees who worked at those two facilities during Fiscal Year 2015, the department said Friday.
Employees’ names, Social Security numbers, ranks, salaries and job duties were released, the department said in a statement. State prison officials learned about the data release Aug. 15.
“Human error” led to the personal information being included in the department’s response without redaction or a full review, according to the corrections department.
The civilian who made the request said he never looked at the multi-page FOIA response before mailing it to the inmate, IDOC said. The prison’s mailroom staff discovered the error during a routine inspection of incoming mail.
Staff immediately secured the documents in the facility’s vault, the department said.
The civilian said he was unaware the department’s response contained the personal data, and he agreed to take a polygraph test that determined he was telling the truth, the statement said.
The department found no employee data in the inmate’s cell, and reviewed the inmate’s recent phone conversations, the statement said. They did not contain any mention of obtaining employee Social Security numbers.
Affected employees will receive free credit monitoring services, IDOC said.
“We are conducting a full audit of our FOIA unit and will implement streamlined procedures to prevent further inadvertent disclosures,” the department said.