Social Security numbers for thousands of state employees and contractors were exposed in a recent data breach at the Department of Fish and Wildlife, according to a memo that the department sent to its workers this week.
The department discovered the data breach on Dec. 22, but did not disclose the breach to employees until this week. The California Highway Patrol has been investigating the incident for the past two months.
According to the memo, a former state employee downloaded the data to a personal device and took the records outside of the state’s network. The memo does not say when or why the former employee downloaded the information to an unsecured network.
The data included names and Social Security numbers of people who worked at the department and the state’s wildlife conservation board in 2007. The data also included personal information for vendors who worked with the department and with the conservation board between 2007 and 2010.
About 2,300 people worked for the department in 2007, according to the state budget from that year. The memo encouraged employees to obtain more information about monitoring identity theft from the Attorney General’s Office, or to contact one of the three credit bureaus: Equifax, Esperian and TransUnion.
The department has not yet seen evidence that cyber criminals are trying to profit from the data, department spokeswoman Jordan Traverso said. She said the department discovered the improper download when supervisors discussed other work-related issues with the employee. The memo said the former employee did not appear to have had malicious intent in downloading the data to a personal device.
The department did not say when the former employee downloaded the data.
A 2015 report by the state auditor encouraged California government agencies to tighten up their cyber security precautions. Last year, one department drove home the message with a fake phishing message that played on its employees’ anticipation for bonuses they received in a new contract.