Baltimore County Uncovers Additional Personal Information on Contents Stolen from Hard Drive
Towson, Maryland (November 8, 2013) – The Baltimore County Police Department has uncovered additional personal information of County employees that was found on the computers seized from a contract employee working in Baltimore County from December 2011 through July 13, 2012.
Last week, the County informed more than 12,000 employees and former employees that Florida police had arrested a suspect in an unrelated identity theft case who had downloaded employees' personal information from a County hard drive. Employees were told that the following information appeared on the suspect's home computer:
- the employee's name and social security number
- the employee's home address
- the employee's leave balances
- the employee's county identification number
- the employee's salary rate and salary
- the employee's agency in county government
- the employee's adjusted start date and start date
- the employee's job classification
- the employee's title, race and gender
Additional Stolen Information Discovered
In its initial review, investigators did not believe that any employee checking or banking information existed on the suspect's computers. However, in continuing to examine the thousands of pieces of data that were encrypted on the drive, the investigators have now discovered that individual checking and bank routing numbers were also stolen.
Those particular files of 6,633 employees were also improperly copied from a County employee's work computer on May 9, 2012. In a letter that will be mailed on Tuesday morning, those 6,633 employees will receive a letter informing them that their data was copied on this additional file.
This data was discovered in payroll files created in January and March of 2007 and contained the personal information of those employees who, on those dates, had their paychecks direct deposited into their bank accounts. The file also contained other data relevant to the employee including the employee's name, County identification number, home address, the amount deposited into the employee's account and social security number. No banking or routing information for employees hired after March 2007 was found on the suspect's computers.
"I apologize that this information was not included in the original correspondence that I sent you last week regarding this unfortunate incident," wrote Homan. "I understand that the investigators are nearing the completion of their review of approximately 30 terabytes of data on the computers seized from the suspect (this is a tremendous amount of data; the total amount of information stored in the United States Library of Congress amounts to about 10 terabytes). Even with the state-of-the art forensic equipment available to the County investigators, it is a massive undertaking to go through each piece of data found on the seized computers. Should any additional information be discovered, I will alert you immediately."
New Security Measures in Place
Last week the County announced that effective immediately all employees were now prohibited from downloading personal information on their individual County hard drives. It also announced that the County's Office of Information Technology was scanning 5,000 County computers to ensure that any personal information was removed.
Regarding the check routing information found on the suspect's computers, the County's Director of Information Technology Rob Stradling, told employees that individual bank firewalls are well-protected and that it is very difficult for individuals to hack into those systems. "Having said that, it is a good idea in this day and age for individuals to check their financial accounts daily," said Stradling. "That is just the stark reality of the world today."
Credit Reporting Agencies
In last week's letter, employees were given contact information for the credit reporting agencies.
P.O. Box 740241
Atlanta, Georgia 30374
P.O. Box 9554
Allen, Texas 75013
P.O. Box 6790
Fullerton, California 92834
Information on Identity Theft
The County also shared information for those interested in learning more about protecting themselves from identity theft:
Homan again reminded employees that should they have additional questions, they may email them to firstname.lastname@example.org.