Washington, D.C.'s, Metro transit system acknowledged yesterday that it had inadvertently published online the Social Security numbers of almost 4,700 current employees sometime in June.
The information was posted between June 9 and June 25, when the breach was discovered. The information was part of a solicitation from Metro to companies interested in providing workers' compensation and risk management services. The document mistakenly included the Social Security numbers of 4,675 employees. The names and Social Security numbers of a smaller group of employees also were posted in the lengthy document.
Metro sent out letters on July 3, warning affected employees of the accident. The agency has also created a Web site where employees can learn if their numbers have been exposed. To minimize the damage to its employees, Metro has offered affected employees a year's worth of free credit report monitoring, identity theft insurance, and counseling services.
The transit system says the breach was due to the negligence of three employees, including a manager—all of whom have been suspended up to a month without pay.
“We deeply regret this incident, and believe the likelihood of misuse of the information is low,” said Metro Chief Safety Officer Ronald Keele. “However, we have taken additional steps to protect employee information by bolstering Internet security and requiring more checks and balances of materials before they are being released publicly.”