ATLANTA — Georgia’s secretary of state said Thursday that he takes “full responsibility” for more than 6 million voters’ personal information being released to media and political parties and has fired an employee who he said is at fault.
Secretary of State Brian Kemp said in a statement that as of Thursday morning, all 12 discs containing sensitive information had been retrieved or destroyed.
“My staff has verified with the media outlets and political parties that received these discs that they have not copied or otherwise disseminated confidential voter data to outside sources,” he said. “I am confident that our voters’ personal information has not been compromised.”
But at least one person who said he regularly receives the file told The Associated Press on Thursday that he threw the October disc away before an investigator with Kemp’s office asked that it be returned.
A lawsuit filed this week revealed what Kemp said his office learned on Friday — that Social Security numbers, dates of birth and driver’s license numbers for 6.1 million registered voters was included in a voter file provided last month to 12 organizations.
Kemp’s office regularly provides an updated voter file to statewide parties and media, as allowed by Georgia law. Others can pay a $500 fee to get a copy of the file. It is supposed to include only a voter’s name, residence, mailing address, race, gender, registration date and last voting date.
Clayton Wagar, publisher and owner of the political blog PeachPundit.com, said he has received a copy of the file each month since 2013. Wagar said an investigator with the office called him on Tuesday to retrieve the latest disc.
Wagar said he found a disc from November at his home but could not find October’s. He said he must have thrown that disc away, unaware that it contained the extra personal information.
“I can’t guarantee once it left me where it went,” Wagar said. “It’s not going to get us anywhere to have a false sense of security.”
The next day, he gave an investigator a signed statement saying he had thrown the October disc away and also returned his November disc, which did not contain the extra personal information. Wagar said he later found an October voter file on his personal computer, searched for and found his own Social Security number, and then deleted the file.
Kemp on Wednesday said the additional personal information was put in the wrong file because of a “clerical error.” Kemp said the IT employee responsible was fired for “breaking internal rules.”
On Thursday, he promised to limit employee access to the secure site where the voter file can be downloaded to one person. Kemp also said he’s creating a “three-part check” before discs containing the statewide voter file can be sent to the public.
State Sen. Greg Kirk and Rep. Ed Rynders, Republican lawmakers who sit on the respective House and Senate committees overseeing state government, said they remain confident in Kemp.
“It’s a human mistake,” said Rynders, chair of the House Governmental Affairs Committee. “So you put the proper oversight in place and decrease the likelihood these type of accidents don’t occur in the future.”
Rep. Scott Holcomb, D-Atlanta, called the release a “complete breakdown” and said he wants details from Kemp about how the office concluded the 12 discs were secure and that voters’ information wasn’t downloaded and saved when the discs arrived.
“We’re not talking about minor details,” Holcomb said. “These are all the pieces to the puzzle that people who want to commit identity theft need.”
Attorney Jennifer Auer Jordan is seeking class-action status for the lawsuit and said Wednesday that her two clients want Kemp to notify voters and credit agencies and provide credit monitoring.
Georgia law requires that state agencies notify people of data breaches that compromise their personal information. If more than 10,000 people are affected, agencies are required to notify all national consumer reporting agencies.