The S.C. Department of Employment and Workforce is notifying more than 4,600 current and former employees after learning their personal information — including names, addresses, birthdates, and Social Security numbers — was improperly downloaded onto a mobile storage device.
The news was first reported by the State newspaper.
SCDEW said the information download occurred on Dec. 18, and officials were notified by security software notified right away. The State Law Enforcement Division launched an investigation the following day and recovered the device with the information still on it. The employee was suspended without pay. DEW would not identify the employee, but said they had been fired on Tuesday.
The agency said the employee was authorized to view the human resources information, but was not allowed to download it onto an unencrypted device. DEW officials said they don’t believe the employee intended to steal the information, but also did not have permission to download the information and did not follow protocol for encrypting the information. No charges have been filed.
“This is exactly what should have happened. Our security measures detected these downloads and DEW promptly began a full investigation. We don’t know that the information has been further compromised, but out of an abundance of caution we are notifying those employees and individuals impacted so they can take necessary measures to protect themselves, including signing up for the state’s free credit monitoring,” agency Executive Director Cheryl Stanton said in a statement.
Only current and former employees of DEW and their dependents of were affected. Personal information of those receiving unemployment benefits in South Carolina was not in the human resources database.
“We worked with SLED for the last month to the fullest extent possible on the investigation to make sure we had the most accurate information to give employees, including reviewing each and every file to identify each individual impacted,” Stanton said.
The event is eerily similar to a 2012 incident at the S.C. Department of Health and Human Services, when an employee was arrested for compiling the personal information of more than 228,000 Medicaid recipients and emailing it to himself. That employee, Christopher Lykes, pleaded guilty in October to four counts of willful examination of private records by a public employee.