You too, hu?

What exactly is going to come of this?

Hopefully nothing but I kinda shocked this was all it took for the government to fuck up.

Shocked....well, not that shocked.

Nothing it's fine. They asked nicely so I'm sure they deleted it. /s But hopefully it was just an innocent mistake, lol I can see some hacker out there like "..wait, we could've just asked??"

In other words, their system for managing that data is not properly setup to ensure security of private data...

I have seen absolutely nothing but absolute incompetence from local government and businesses since we’ve moved here. I wasn’t surprised when I received my letter.

"an whoopsie"?

Worked at dominos as a delivery driver. For some reason my manager sent my full name, address, social security number, and license number to someone I delivered to. I do not know why. He’s just dumb.

Ok, but requests for voter registration info is sus, is it not? What’s their motivation and who has the time for that?

While this is a pretty shitty situation - I feel like you have to give out your last 4 to so many institutions, and there is no way to validate that any of them have decent security practices, so I generally assume that the 'last 4' might as well be treated as public info, already...

The problem being if you know the last four and their birthday and where they were born you can recreate their full ssn.

Right. On one hand it’s shocking, on the other, the ineptitude isn’t a surprise at all.

I know we can do better, it’s just takes that initiative, which I don’t have much faith in.

Right! “Hey. You broke a federal law”. “Hacker”: oh. Whoops here you guys go. Sorry about that. I’ll just ask next time. Wanna go grab a coffee?

It’s hella common. Political parties and candidates do it routinely. It’s how they decide how to market candidates to you. For example, if they see you only vote in presidential elections, they might not bother to market to you as heavily as someone who votes in every election. But if you vote in every election, you will get ALL THE FLYERS until you turn in your ballot. Yes, they track that, too. Flyers are pricey.

I’m usually not a very litigious person, but you might want to talk to a lawyer. Breaking federal law and saying “oh whoops” “we fixed it and totally trust this dude” doesn’t cut it IMO. They need to provide legal documentation that they did what they said at the bare minimum.

That threw me too.

[deleted]

And this is why I don’t give out my personal information to local or federal government

Same here. Must have been a lot bigger than theyre reporting. I'm wondering if there's any legal action we can take, how can we verify it was only the last four? What caused this and how is it not going to happen again? I have LifeLock from UW because they lost a hard drive that could have had my information on it. Why isn't Peirce doing something similar for the individuals affected by this?

What's even scarier is how easy it is to get someone's SSN just by knowing some details about them, they did t randomize SSNs until around 2008. So you're saying they have the last four (the only random part) and all the information necessary to get the other 7 digits? Hmmm

Happy Cake 🍰!

Didn’t divulge personal info of “Requester” though, why not just all get on the same page, what’s that auditors SSN, I pay their salary anyway, just tell me who’s asking about me.

Agreed. We’re you part of it as well? Sounds like a lot were, and I don’t mind getting the ball rolling.

I was not fortunately. I hope the victims take action though, this is completely unacceptable and I don’t trust the “cooperation” of a third party one bit

My guy I got some bad news

Wait, really?

The first 3 numbers are tied to specific geographic areas. The middle two are based on when you were born. The last 4 are a unique number.

This used to be true, and so still is for all eligible voters, but since 2011 SSNs have been generated randomly.

https://www.ssa.gov/employer/randomization.html

So theoretically you can get their social by finding their place of birth and date- after you get the special 4 digits?

Yes, though another poster said this is only true for those born before 2011.

I'm guessing you don't know about how god awful WA state unemployment fraud was/is/has become. The amount of identity fraud in this state is bonkers.

Man... thats friggin bonkers to me

[removed]

other 7? My SSN is only 9 digits long...

your personal information, like the government-issued social security number. You don't think the organization that gave you that SSN doesn't have it already?

The question is, why are voters' addresses and birthdays public information?

Just a little oopsie-doodle privacy breach.

I know SSN is already known by the government (duh) but my point is I don’t give out my name, address, phone number etc. for this reason

That makes total sense! Thank you for your explanation

Which federal law was broken?

Yeah I counted wrong, I even remember thinking "7 has to be wrong" but I posted it anyway. I think we all understand the gist of what I was saying, the first 5 digits are based off locations of birth and certificate registration, the last 4 are sequential (basically random from guessing perspective). It's actually scary how little security there is with SSNs especially knowing the potential damage.

What should come of this?

[deleted]

The government already knows your name (you legally have to provide one at birth.) They also know your address because you provide one if you own the house, if you don't there are numerous systems that require you to provide a mailing address, and Washington state IDs require one. They also already know your phone number if it's a landline or can get it from the mobile company at the drop of a hat if it's a cell phone.

So really of the things you mentioned. The phone number is maybe the only thing that the government doesn't have direct access to. Maybe they don't have your address if you've avoided filling out government forms like taxes but likely you are just breaking the law at that point.

This is actually a pretty common scam for government and why some sectors charge a large fee per page of information. One might for example use the freedom information act to obtain documents/emails from the purchasing department of what ever government entity and hope someone does not notice a credit card number or other sensitive information that was not redacted.

it's because SSNs were simply supposed to be ID tax numbers that you could give to anyone. Someone knowing your tax number wasn't meant to confirm your identity. It was just supposed to track how much you put into Social Security. The IRS tried to prevent people from using it as an ID security measure but eventually just gave up.

It's like how business EIN operates. It's literally just a number to track the taxes that the business is responsible for. In some cases it even replaces the business owner's SSN on some forms.

[deleted]

Wow that makes a lot of sense, thank you! It's sad that the IRS tried and they failed. I've wondered why it was so cavalier to give my EIN out, I figured it must not mean as much as the SSN and now I know why!

Based on your username, I get the sense you understand PII and possibly GDPR rules. So you know at a corporate level how serious these things can get.

As with anything, there are loop holes, which I understand. However, a “whoops, trust our guy it was handled in two hours” is negligent.

What I’d like to see is a security audit within pierce county (digital and physical). how records are stored, kept, shared, etc. next, an audit on personnel security levels, and a chain of command for releasing records.

In the event of a breach, what’s the protocol, and how does the county plan to mitigate risk, while protecting its people. A “oh it’s totally cool” piece of mail isn’t on par with standards of where we should be.

Next, what entity requested our data? If it was a company, they should be listed, and we should have communication options to address directly with them. If this was a personal (non entity) request, that person should have a representative from pierce county tagged so we can understand the intent on which this person requested our data.

Lastly, comes the monetary side. While no one may be victim to identity theft which, may lead to erroneous monetary charges, there should be a plan in place to address this should it occur. Pierce had an obligation to help it’s citizens. Listing the three credit agencies doesn’t suffice.

Lastly, let’s say that someone, or a group, is targeted (harassment, violence, etc). This again falls into malicious intent, but dives into more murky waters.

I don’t have the answers. This is just what comes to mind. I’m not a “let’s sue and get everything we can” kinda person. I’m more of a “hey, let’s be a leading example for privacy of our citizens data, and also a leader in mitigating risk to its citizens” kinda guy.

https://www.justice.gov/atr/antitrust-laws-and-you#:~:text=the%20Consumer%20guide.-,The%20Sherman%20Antitrust%20Act,are%20punishable%20as%20criminal%20felonies.

Did you just find a random law to cite or something? What in the world do you think antitrust laws have to do with election information?

[deleted]

That does not appear to apply here:

>Binds only federal agencies and covers only records under the control of federal agencies (and, by contract, also applies to contractor personnel and systems used by a federal agency to maintain the records).

Probably just unencrypted raw text files on the desktop in a folder labeled "Everyone's private information do not steal"

This is what happens when you don't hire computer literate people to operate computers. I bet the clerk is not paid enough to do this job too.

Don't cheap out on your IT, it's a stupid mistake that many organizations and businesses have been doing lately and all this shit will y2k if if continues.

I wonder why I have a NY ssn when I was born in WA, I'm 23 lol.

Not necessarily where they were born but where they applied… and it wasn’t until 1987 that people were assigned an SS # at birth.

I got the same letter. Should I do anything?

I got the same notice... funny how so many people were included in something that was not "widespread".... smfh

You used to be able to guess Wa. driver's license numbers with key information and there was even an embedded check sum.

Transparency and political parties really like a good database dump too. Unfortunately it's pretty tough for people from dysfunctional families who aren't terrible enough to qualify them for Washington's address conveniently program. I didn't register to vote for years until I moved out of state because I didn't want shitty family on my doorstep.

>Transparency and political parties really like a good database dump too.

Not a good enough reason IMHO. I hate how the government bend over backwards for politicians.

I GOT THAT IN THE MAIL YESTERDAY MORNING; I’m pissed af

As if just deleting from their computer is simply enough to ensure recovery safety.

[deleted]

Never registering for voters card ever again no matter where i live this is ridiculous.

Probably should have ran the release past legal before releasing :')

Honestly, if it was an individual, their identity should be released as well. People have a right to know who has their personal information.

Everyone in my house got this letter. They fucked up big time.

Ok guys, they didn’t “ask nicely”- the person the information was sent to allowed the Pierce County IT group to go onto their laptop, into their email and full delete the file and any trace of it. Your information is safer than any of the six or so notices you’ve gotten from other data breaches. (That number is an assumption based on my experiences, it seems like every six months I’m notified of a data breach and they just offer me credit monitoring for another year.)