PORTLAND, Maine — Cumberland County Sheriff Kevin Joyce is urging the approximately 180 people recently arrested by his agency whose Social Security numbers were accidentally made public this week to be wary of strange activity in their bank or other personal accounts.
Joyce told the Bangor Daily News Friday that while he now believes fewer people had access to the sensitive information than originally announced Thursday night, there’s no way to be sure that somebody with ill intent didn’t get hold of one of the numbers.
“The good thing is the exposure was for a fairly limited period of time and the access was minimal, and we can only hope that the access was by the right people,” Joyce said. “But whenever you have personal information that gets out like this, like with credit card numbers or anything else, we want to make sure people are aware of it. We want to get it out there so people understand they need to be a little proactive, and that yeah, this was a bad mistake, but they need to be cognizant about anything that doesn’t look right in their financial situation.”
Alysia Melnick, lawyer for the American Civil Liberties Union of Maine, scolded the sheriff’s office for its handling of the numbers Friday and said the incident serves as another reminder that government entities should collect the minimum of personal data.
“There are huge privacy implications, especially in a time of rampant identity theft, of disclosing Social Security numbers,” Melnick told the BDN Friday. “The disclosure of inmate Social Security numbers was an inappropriate and troublesome handling of highly personal information. We understand that nobody did this intentionally, but it proves that the more entities that have private information, the more likely it is that that information will be compromised.”
On Thursday night, the Cumberland County Sheriff’s Office announced that a new software update intended to automatically post regular arrest lists on the department’s Facebook page and distribute them to media outlets was inadvertently set to release Social Security numbers of those arrested as well.
In the process of updating the software, Joyce said, the system was put back in its default settings, which did not redact sensitive personal information as it should. The sheriff said the mistake was caught within 45 minutes of the arrest list being posted online Tuesday, and was immediately removed.
While Thursday night’s department announcement stated that 70 individuals had access to the information during that time, Joyce said Friday he now believes that number to be closer to 50, and that those individuals would not have seen the Social Security numbers without clicking through the main page to the attached arrest list document.
About 180 people who were arrested between Aug. 27 and Sept. 4 had their numbers posted.
“The majority of the people who could have had access were through Facebook, and they would have had to make it a conscious effort to access those numbers,” said Joyce, who said thus far he has received one call from a potentially affected arrestee asking for more information. “But I’ve tried to consider the worst case scenario.
“I think as police officers we’re always suspect of anybody,” he continued. “On the one hand, I could be out talking to the elderly and kids about being careful about their information because we don’t want that information in the wrong hands, and here we have a scenario where by virtue of a computer program, we gave out that information ourselves.”