Sebastian County mistakenly sends out via e-mail 200 employee bank account numbers
The Sebastian County finance department recently had to rescind an email that revealed 200 employees’ bank account numbers. According to a text message sent to Talk Business & Politics, the email contained bank account and routing number information and was accessible for about 11 minutes.
A follow-up email from Sebastian County Payroll Administrator Delena Montes noted: ”Please disregard the last email. My apologies.”
Sebastian County Comptroller Melissa Sinclair disputed some of the leaked information in an emailed statement to Talk Business & Politics on Tuesday (March 21). “An email containing links was inadvertently sent to an email group consisting of county employees,” Sinclair said, noting that “Within 3 minutes (not 11) of the email distribution, the links were disabled and further steps were taken to recall the emails. Encrypted data files are now used to safeguard against this from occurring.”
Sinclair emphasized the email did not leave the county system. “A personal check that one would write to Wal-Mart for his/her groceries has more information than what the file contained.” Sinclair also said no employees had changed their banking and payroll information since the email was sent.
The county does not use a third-party firm for handling payroll, so unless there was an as-yet-undetected system hack, access to outside parties would be unlikely. Furthermore, a person committing fraud would need more than a name and bank account number to find success. The hypothetical fraudster would also require, at minimum, a routing number, which, according to Sinclair, did not go out with the email.
According to 2015 data from the Interstate Technology and Regulatory Council (ITRC), more than 169 million personal records are exposed per year, and stem from breaches across the financial, business, education, government and healthcare sectors. The average global cost per each lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per record.