Metro officials accidentally published the Social Security numbers of nearly 4,700 employees on their Web site, officials said Monday.
The sensitive information was included in a document soliciting outside companies to help with worker’s compensation and risk management. It featured the Social Security numbers for 4,675 employees, though Metro officials said only a small number were attached to names.
The file was posted on The Washington Metropolitan Transit Authority’s Web site from June 9 to June 25, and was available to the general public.
A news release states that Metro officials are offering free credit monitoring to those affected, in addition to $25,000 of identity theft insurance. Smith said they are unaware of any identity theft incidents stemming from the incident.
“We deeply regret this incident, and believe the likelihood of misuse of the information is low,” Metro Chief Safety Officers Ronald Keele said in the release. “However, we have taken additional steps to protect employee information by bolstering Internet security and adding more checks and balances of materials before they are released publicly.”
Angela Smith, a spokeswoman for the agency, said the numbers were not prominently displayed on the site and apparently very few visitors saw them.
There is an ongoing investigation into who released the information, and whether they were aware of its content. No one has been disciplined yet in the matter, Smith said.
The release cites a study by the Identity Theft Resource Center, which states that such breaches have become much more common at businesses and schools in recent years. On their Web site, the nonprofit organization lists 342 breaches nationally this year, amounting to more than 16 million records exposed.
