DHHS reports job applicant data security incident
Published 12:00 am Saturday, November 25, 2017
RALEIGH — The N.C. Department of Health and Human Services is notifying affected individuals of a recent data security incident.
The incident occurred when a spreadsheet containing personal information was sent in error to a vendor in an unencrypted email.
Personal information included names, social security numbers and test results for about 6,000 people who underwent routine drug screenings for employment, intern and volunteer opportunities at DHHS. These screenings were routine and applied uniformly to applicants for particular positions.
A person’s inclusion in the spreadsheet reflects only that they sought an employment, intern or volunteer opportunity at DHHS within the affected time period.
Upon learning of the breach on Sept. 27, DHHS immediately started an investigation and coordinated with the vendor on the secure destruction of transmitted materials. While DHHS cannot determine for certain that the email was not intercepted during transmission, DHHS has determined that the risk of misuse of the personal information is low.
The department has since reviewed proper procedures with employees. It is continuing to review its internal processes to ensure the correct handling of data moving forward and to help avoid a similar occurrence in the future.
DHHS has mailed letters to affected individuals notifying them about the incident and has posted information on the DHHS website. To protect against fraud, affected individuals can put an alert on their credit files and monitor bank statements and credit card bills for unusual or unauthorized activity. They may contact any of the following credit bureaus to ask that a fraud alert be placed on their credit files:
- Equifax: 1-800-525-6285
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
People who may have been affected by the incident can call 1-800-662-7030 with questions.