Personal Information Accidentally Released by Secretary of State’s Office

The two women who filed the lawsuit are seeking class action status.

“It’s very, very scary”, said attorney Jennifer Jordan, who is representing Elise Piper and Yvette Sanders in the suit, which was filed Tuesday afternoon in Fulton County Superior Court.

The lawsuit says records for 6,184,281 registered voters were included in the October file.

Kemp’s office blamed a “clerical error” and said 12 organizations, including statewide political parties, news media organizations and Georgia GunOwner Magazine, received the file.

Jordan said she also had returned a disc containing the voter file to the Secretary of State’s office. The plaintiffs allege that Kemp’s office knew of the issue and failed to disclose it.

Kemp, however, sought to show his office had gotten control of the situation.

“My staff has verified with the media outlets and political parties that received these discs that they have not copied or otherwise disseminated confidential voter data to outside sources”, he said. It also says Kemp has failed to notify those individuals that their personal information may have been compromised. Kemp’s list of registered voters usually only includes voters’ full name and address, but earlier this month he sent out a database that included more sensitive information, according to the lawsuit.

Kemp didn’t say what he meant by having “taken additional administrative action”.

Kemp called it a clerical error. But experts say the security lapse is a breach in protocol and stronger standards are needed.

He denied the disclosure was a breach of the state’s voter registration system. He added that if voters’ personal data did indeed get released, the state should look into providing consumer protections to affected voters. “While the application only requests the last four digits of a voter’s social security number, for a few reason the Secretary of State maintains each voter’s complete social security number and driver’s license number”, the lawsuit said.

Personal identity information can be used over and over and fetch high prices among criminals, while bank cards aren’t as valuable because they can be quickly canceled after a theft. It is supposed to include only a voter’s name, residence, mailing address, race, gender, registration date and last voting date.

The Secretary of State’s Office is attempting to retrieve discs sent to 12 buyers in order to secure the data.

In 2012, a massive data breach reported by SC officials exposed 3.8 million Social Security numbers. SC in 2012 discovered that unencrypted data from tax returns was hacked from its Department of Revenue, affecting 3.8 million adults, 1.9 million dependents and 700,000 businesses.

SC paid Experian $12 million to provide credit monitoring for victims.