North Carolina Department of Public Safety is scrambling to apologize after a reported exposed a potentially harmful data breach involving thousands of crime victims. The database was designed to manage and account for the North Carolina Crime Victims Compensation program. The program offers money to victims for expenses like hospital stays.
WRAL
A WRAL.com reporter discovered the security breach while doing research for a story about the state's Crime Victims Compensation program. By law, the personal information of victims who apply for the program is not public record.
The breach happened sometime in late 2012 after the department created a new website and moved it to a state server, according DPS Communications Director Pamela Walker. Although the information was publicly available for more than a year, state workers investigating the breach believe it is "highly unlikely that anybody accessed this site," Walker said.
According to WRAL, the breach occurred in late 2012 when servers were changed out.
When the new servers were turned on the normally private data became public. The breach was discovered and brought to the attention of North Carolina authorities after remaining
public for over a year!
WRAL News was able to find information about victims on the site as far back as 1992, including names, dates of birth, dates of the crimes, how much money they requested and whether they were denied or received financial help. Some of the cases included names and birth dates of children who had been sexually abused.
The site was taken down immediately upon learning of the data breach. North Carolina authorities claim that no one accessed the information. I'll take that with a giant grain of salt.
NCDPS website
There has been no official statement from GOP Governor Pat McCrory yet, but is another technology blunder in the McCrory Administration. Previously, a computer glitch forced hundreds of North Carolina families to go hungry when they could not process food stamp applications.