S.C. unemployment agency says former employee downloaded personal data
COLUMBIA — South Carolina’s unemployment agency began notifying more than 4,600 people Wednesday that a former employee may have compromised their personal information.
The employee who downloaded the data to a personal flash drive was fired Tuesday, said Adrienne Fairwell, spokeswoman for the Department of Employment and Workforce.
The unidentified employee in the agency’s human resources department had been suspended Dec. 19, when the State Law Enforcement Division began investigating. Security software detected the unauthorized download from human resources files a day earlier.
The 4,658 people impacted are current and former employees, their children, and beneficiaries listed on their insurance policies. It did not affect any business or anyone receiving unemployment benefits, Fairwell said.
“This is exactly what should have happened, said DEW Director Cheryl Stanton. “Our security measures detected these downloads and DEW promptly began a full investigation.”
The law enforcement division recovered what the unemployment agency says could be the flash drive used to take the information. Stanton said people are being notified “out of an abundance of caution” so they can take steps to protect themselves from the possibility of identity theft.
The downloaded data included names, addresses, birthdates, Social Security numbers, and bank account information.
It’s unclear what the fired employee planned to do with the information. SLED spokesman Thom Berry declined to discuss an ongoing investigation.
The Department of Employment and Workforce is part of Gov. Nikki Haley’s Cabinet. State Democratic Party spokeswoman Kristin Sosanie criticized the download as another example of what she called the Haley’s administration’s “inability to protect citizens’ private information from being stolen.” She also questioned why it took four weeks to inform people.
Stanton said it took time to determine what happened, what was taken, and who was impacted.
“We worked with SLED for the last month to the fullest extent possible on the investigation to make sure we had the most accurate information to give employees, including reviewing each and every file to identify each individual impacted,” she said.
Cyber security has been a politically hot topic in South Carolina since fall 2012, when the Department of Revenue became victim to the largest single hacking of a state agency nationwide. In that case, a computer hacker stole unencrypted personal data belonging to 6.4 million people and businesses from tax returns dating to 1998.
It is unclear whether anyone became a victim of identity theft due to the hacking, but taxpayers have spent tens of millions of dollars to clean up that debacle.
The hacking occurred months after the personal information of more than 228,000 Medicaid patients was stolen by a former project manager of the Department of Health and Human Services, also a Cabinet agency. Christopher Lykes Jr. pleaded guilty last October to four counts of willful examination of private records by a public employee and one count of criminal conspiracy. He was fired in April 2012 after compiling the data on a spreadsheet and sending it to his private email account.
Last month, 3,432 members of a high-risk insurance pool were notified that a laptop stolen from an auditor’s car contained their personal information. The password-protected laptop, stolen Oct. 16, contained names and Social Security numbers of people who were part of the South Carolina Health Insurance Pool in 2011 and 2012. The Legislature created the pool, which operates as a nonprofit, in 1989 for those unable to find coverage because of a medical condition.