You must log in or register to comment.

fordry t1_j55rdgt wrote

In other words, their system for managing that data is not properly setup to ensure security of private data...


Shaggy_One t1_j583nud wrote

Probably just unencrypted raw text files on the desktop in a folder labeled "Everyone's private information do not steal"


PNW_Explorer_16 t1_j55no5q wrote

You too, hu?

What exactly is going to come of this?


RManDelorean t1_j55oqtu wrote

Nothing it's fine. They asked nicely so I'm sure they deleted it. /s But hopefully it was just an innocent mistake, lol I can see some hacker out there like "..wait, we could've just asked??"


PNW_Explorer_16 t1_j562u4z wrote

Right! “Hey. You broke a federal law”. “Hacker”: oh. Whoops here you guys go. Sorry about that. I’ll just ask next time. Wanna go grab a coffee?


blaaguuu t1_j55z79q wrote

While this is a pretty shitty situation - I feel like you have to give out your last 4 to so many institutions, and there is no way to validate that any of them have decent security practices, so I generally assume that the 'last 4' might as well be treated as public info, already...


JustARandomBloke t1_j560r41 wrote

The problem being if you know the last four and their birthday and where they were born you can recreate their full ssn.


flipfreakingheck t1_j571ea7 wrote

Wait, really?


JustARandomBloke t1_j572k5u wrote

The first 3 numbers are tied to specific geographic areas. The middle two are based on when you were born. The last 4 are a unique number.


Bigbluebananas t1_j5744ep wrote

So theoretically you can get their social by finding their place of birth and date- after you get the special 4 digits?


JustARandomBloke t1_j574hpl wrote

Yes, though another poster said this is only true for those born before 2011.


Bigbluebananas t1_j576zmg wrote

Man... thats friggin bonkers to me


renownbrewer t1_j58eafh wrote

You used to be able to guess Wa. driver's license numbers with key information and there was even an embedded check sum.


script372 t1_j587ejx wrote

Not necessarily where they were born but where they applied… and it wasn’t until 1987 that people were assigned an SS # at birth.


GunHead416 OP t1_j55of51 wrote

Hopefully nothing but I kinda shocked this was all it took for the government to fuck up.

Shocked....well, not that shocked.


Ben_A t1_j55v065 wrote

Worked at dominos as a delivery driver. For some reason my manager sent my full name, address, social security number, and license number to someone I delivered to. I do not know why. He’s just dumb.


rosesandpiglets t1_j569719 wrote

I’m usually not a very litigious person, but you might want to talk to a lawyer. Breaking federal law and saying “oh whoops” “we fixed it and totally trust this dude” doesn’t cut it IMO. They need to provide legal documentation that they did what they said at the bare minimum.


PNW_Explorer_16 t1_j56svm9 wrote

Agreed. We’re you part of it as well? Sounds like a lot were, and I don’t mind getting the ball rolling.


rosesandpiglets t1_j56viua wrote

I was not fortunately. I hope the victims take action though, this is completely unacceptable and I don’t trust the “cooperation” of a third party one bit


SoftwarePatient5050 t1_j57epdh wrote

Which federal law was broken?


[deleted] t1_j57gbsy wrote



SoftwarePatient5050 t1_j581tae wrote

That does not appear to apply here:

>Binds only federal agencies and covers only records under the control of federal agencies (and, by contract, also applies to contractor personnel and systems used by a federal agency to maintain the records).


SirDouglasMouf t1_j576jeq wrote

I'm guessing you don't know about how god awful WA state unemployment fraud was/is/has become. The amount of identity fraud in this state is bonkers.


PNW_Explorer_16 t1_j562m94 wrote

Right. On one hand it’s shocking, on the other, the ineptitude isn’t a surprise at all.

I know we can do better, it’s just takes that initiative, which I don’t have much faith in.


SoftwarePatient5050 t1_j57fd2b wrote

What should come of this?


PNW_Explorer_16 t1_j57i82j wrote

Based on your username, I get the sense you understand PII and possibly GDPR rules. So you know at a corporate level how serious these things can get.

As with anything, there are loop holes, which I understand. However, a “whoops, trust our guy it was handled in two hours” is negligent.

What I’d like to see is a security audit within pierce county (digital and physical). how records are stored, kept, shared, etc. next, an audit on personnel security levels, and a chain of command for releasing records.

In the event of a breach, what’s the protocol, and how does the county plan to mitigate risk, while protecting its people. A “oh it’s totally cool” piece of mail isn’t on par with standards of where we should be.

Next, what entity requested our data? If it was a company, they should be listed, and we should have communication options to address directly with them. If this was a personal (non entity) request, that person should have a representative from pierce county tagged so we can understand the intent on which this person requested our data.

Lastly, comes the monetary side. While no one may be victim to identity theft which, may lead to erroneous monetary charges, there should be a plan in place to address this should it occur. Pierce had an obligation to help it’s citizens. Listing the three credit agencies doesn’t suffice.

Lastly, let’s say that someone, or a group, is targeted (harassment, violence, etc). This again falls into malicious intent, but dives into more murky waters.

I don’t have the answers. This is just what comes to mind. I’m not a “let’s sue and get everything we can” kinda person. I’m more of a “hey, let’s be a leading example for privacy of our citizens data, and also a leader in mitigating risk to its citizens” kinda guy.


Yuvneas t1_j5ayuqu wrote

Honestly, if it was an individual, their identity should be released as well. People have a right to know who has their personal information.


Cuidado_roboto t1_j55wkwp wrote

Ok, but requests for voter registration info is sus, is it not? What’s their motivation and who has the time for that?


TVDinner360 t1_j564swe wrote

It’s hella common. Political parties and candidates do it routinely. It’s how they decide how to market candidates to you. For example, if they see you only vote in presidential elections, they might not bother to market to you as heavily as someone who votes in every election. But if you vote in every election, you will get ALL THE FLYERS until you turn in your ballot. Yes, they track that, too. Flyers are pricey.


Macemore t1_j56rld7 wrote

What's even scarier is how easy it is to get someone's SSN just by knowing some details about them, they did t randomize SSNs until around 2008. So you're saying they have the last four (the only random part) and all the information necessary to get the other 7 digits? Hmmm


MJBrune t1_j57d3a9 wrote

other 7? My SSN is only 9 digits long...


Macemore t1_j57fa25 wrote

Yeah I counted wrong, I even remember thinking "7 has to be wrong" but I posted it anyway. I think we all understand the gist of what I was saying, the first 5 digits are based off locations of birth and certificate registration, the last 4 are sequential (basically random from guessing perspective). It's actually scary how little security there is with SSNs especially knowing the potential damage.


MJBrune t1_j57hfjj wrote

it's because SSNs were simply supposed to be ID tax numbers that you could give to anyone. Someone knowing your tax number wasn't meant to confirm your identity. It was just supposed to track how much you put into Social Security. The IRS tried to prevent people from using it as an ID security measure but eventually just gave up.

It's like how business EIN operates. It's literally just a number to track the taxes that the business is responsible for. In some cases it even replaces the business owner's SSN on some forms.


Macemore t1_j57hzy1 wrote

Wow that makes a lot of sense, thank you! It's sad that the IRS tried and they failed. I've wondered why it was so cavalier to give my EIN out, I figured it must not mean as much as the SSN and now I know why!


AdUnfair1643 t1_j55sc2r wrote

I have seen absolutely nothing but absolute incompetence from local government and businesses since we’ve moved here. I wasn’t surprised when I received my letter.


MJBrune t1_j57dh66 wrote

The question is, why are voters' addresses and birthdays public information?


renownbrewer t1_j58fi6j wrote

Transparency and political parties really like a good database dump too. Unfortunately it's pretty tough for people from dysfunctional families who aren't terrible enough to qualify them for Washington's address conveniently program. I didn't register to vote for years until I moved out of state because I didn't want shitty family on my doorstep.


MJBrune t1_j58fttv wrote

>Transparency and political parties really like a good database dump too.

Not a good enough reason IMHO. I hate how the government bend over backwards for politicians.


Bigseth0416 t1_j57gkrh wrote

This is actually a pretty common scam for government and why some sectors charge a large fee per page of information. One might for example use the freedom information act to obtain documents/emails from the purchasing department of what ever government entity and hope someone does not notice a credit card number or other sensitive information that was not redacted.


herbnoh t1_j56shgq wrote

Didn’t divulge personal info of “Requester” though, why not just all get on the same page, what’s that auditors SSN, I pay their salary anyway, just tell me who’s asking about me.


TheTarquin t1_j57dlrx wrote

Just a little oopsie-doodle privacy breach.


KittenKoder t1_j583u1g wrote

This is what happens when you don't hire computer literate people to operate computers. I bet the clerk is not paid enough to do this job too.

Don't cheap out on your IT, it's a stupid mistake that many organizations and businesses have been doing lately and all this shit will y2k if if continues.


Zer0sober t1_j58dvov wrote

I got the same notice... funny how so many people were included in something that was not "widespread".... smfh


Macemore t1_j56rd91 wrote

Same here. Must have been a lot bigger than theyre reporting. I'm wondering if there's any legal action we can take, how can we verify it was only the last four? What caused this and how is it not going to happen again? I have LifeLock from UW because they lost a hard drive that could have had my information on it. Why isn't Peirce doing something similar for the individuals affected by this?


0112358g t1_j58h4qx wrote



lumbersom t1_j58ner5 wrote

As if just deleting from their computer is simply enough to ensure recovery safety.


Sure-Survey9192 t1_j59m9xl wrote

Never registering for voters card ever again no matter where i live this is ridiculous.


GlobalCodec t1_j5aqyc5 wrote

Probably should have ran the release past legal before releasing :')


Gigglenator t1_j5chzyp wrote

Everyone in my house got this letter. They fucked up big time.


hham42 t1_j5fcduv wrote

Ok guys, they didn’t “ask nicely”- the person the information was sent to allowed the Pierce County IT group to go onto their laptop, into their email and full delete the file and any trace of it. Your information is safer than any of the six or so notices you’ve gotten from other data breaches. (That number is an assumption based on my experiences, it seems like every six months I’m notified of a data breach and they just offer me credit monitoring for another year.)


discodawg02 t1_j58bfob wrote

I got the same letter. Should I do anything?


CWcooper2 t1_j56rcve wrote

And this is why I don’t give out my personal information to local or federal government


MJBrune t1_j57dc4g wrote

your personal information, like the government-issued social security number. You don't think the organization that gave you that SSN doesn't have it already?


CWcooper2 t1_j57dtj4 wrote

I know SSN is already known by the government (duh) but my point is I don’t give out my name, address, phone number etc. for this reason


MJBrune t1_j57giij wrote

The government already knows your name (you legally have to provide one at birth.) They also know your address because you provide one if you own the house, if you don't there are numerous systems that require you to provide a mailing address, and Washington state IDs require one. They also already know your phone number if it's a landline or can get it from the mobile company at the drop of a hat if it's a cell phone.

So really of the things you mentioned. The phone number is maybe the only thing that the government doesn't have direct access to. Maybe they don't have your address if you've avoided filling out government forms like taxes but likely you are just breaking the law at that point.