IDOC Data Breach Includes Employee Information

The Illinois Department of Corrections recently discovered that the names, job ranks/positions, salaries, and social security numbers of more than 1,000 employees were inadvertently transmitted in a Freedom of Information Act request that was released to a private citizen.

Officials say they immediately notified the affected employees and took steps to ensure that their identities and credit would not be further breached. Each employee will be offered free credit monitoring services.

An internal investigation reportedly revealed that the private citizen who requested the information was doing so on behalf of an IDOC inmate. The error was discovered after the civilian mailed the response to the inmate. Mailroom staff intercepted the package during a routine inspection of incoming mail. The documents were then secured in the facility vault.

Officials interviewed the inmate who was the intended recipient of the information and conducted a search of their cell. No employee information was discovered. The inmate’s recent phone conversations did not reveal any discussions about obtaining employee social security numbers.

IDOC staff interviewed the civilian who issued the request for the names, ranks, and salaries of employees who worked at the Dixon and Lawrence Correctional Centers during Fiscal Year 15. The civilian stated that he never looked at the response and did not know it contained personal information. He agreed to a polygraph test, which he passed.

Preliminary findings suggest that human error led to the information being released without redaction or a full review. The IDOC says they are conducting a full audit of their Freedom of Information Act unit and will implement streamlined procedures to prevent further inadvertent disclosures.