State Employee Information Mistakenly Uploaded to Internal Website
No known unauthorized access; Steps taken to prevent instance from happening again
Raleigh, N.C. – The North Carolina Department of Information Technology (NCDIT) and the Office of State Human Resources (OSHR) are notifying current and former state employees of a recent security concern involving their data. A file containing personally identifiable information including 84,860 employees’ names and Social Security numbers was mistakenly uploaded to an internal portal that was accessible to other state employees. At this time, there is no evidence that anyone accessed the information other than those employees who were involved in identifying and remediating the instance.
The file was discovered on July 30, 2021, during a sweep for personally identifiable information on the state’s network. The file was taken down immediately and steps taken to try to determine whether or not the information had been accessed. The file was not accessible to the general public.
Individuals whose information was contained in the file were notified by email today and a letter will be sent by mail. Those employees will be given access to 24 months of identity theft resolution services at no charge.
The notification also includes steps employees can take to protect themselves if their personal information may have been compromised, such as checking credit reports for free. More tips are available from the NC Department of Justice.
In addition, NCDIT and OSHR have implemented new security procedures to protect employees’ personal data, including more comprehensive sweeps like the one that found the file and additional cybersecurity training will be assigned.