Following this week’s disclosure by Berkeley city staff that roughly 11,000 municipal employee social security numbers had been erroneously divulged to a local media outlet in March, the media outlet’s managing editor said Tuesday that he doubted the data could have been compromised, though it had been “passed around” by employees over email.
Bert Robinson, managing editor for the Bay Area News Group, said the news outlet collects public employee salary and benefit information each year for an online database that is “very popular” on the company’s website. Reporters send 900 requests each year to public agencies to collect data for the project. Robinson said this was the first year “usable information” had been received from Berkeley.
Berkeley City Manager Christine Daniel said April 19 that her staff had responded to the Bay Area News Group (BANG) request in March, then realized in early April that social security numbers had been mistakenly included in the file. City staff let BANG know about the error, and BANG agreed to destroy the information. Last week, the city sent letters to about 2,000 active staff members to let them know about the security breach; this week, the city plans to send another 9,000 letters to retired employees whose data was included in the file.
(Robinson said Tuesday that BANG had only asked for data for current employees when it requested information from Berkeley.)
Robinson said BANG asks public agencies turning over their data to send back a spreadsheet or data file that includes a particular set of information. Berkeley “did not give us a data file that was in the format that we requested. I assume they just did what was easier, to give us an existing data file that they had. They didn’t notice when they sent it to us that it had all these social security numbers in it.”
And neither did BANG, said Robinson. Berkeley city staff discovered the problem before BANG realized what was in the file, then asked BANG to destroy the data.
“We said, ‘Sure.’ We don’t want the social security numbers,” he said. “We’re not trying to steal anyone’s identity. We just want to put salary and benefit information on the web.”
Robinson said BANG consulted its internal technical team to find out how to eradicate the information from its servers altogether.
“The material was on our system and had been passed around,” he said. “We asked them, ‘How can we purge this data file completely from our system?’ They told us what to do and that’s what we did.”
Robinson said the file, which the city of Berkeley had emailed to BANG, would have been accessible primarily to two staff members who collaborate to build the database.
He said he didn’t think it was likely that a hacker would have been monitoring BANG’s servers to find social security numbers, as it’s not the kind of data that would typically be stored on a newspaper’s computer system.
“It was only in our possession for a very short period of time,” said Robinson. “The people who have social security numbers stolen tend to be from companies who maintain databases of social security numbers. You can understand how someone would go hack the bank because they know the bank has certain kinds of records. But these are not the kind of records we would normally have, so it doesn’t seem logical that a hacker would have thought to look for them.”