The Iowa Lottery said in a release Tuesday that the organization inadvertently released the Social Security numbers of some of its prize winners from calendar year 2011.
"This release of sensitive data was unintentional," Iowa Lottery CEO Terry Rich said. "On behalf of the entire lottery team, I apologize for this mistake. As we have said many times through the years, human involvement in any process means it will not be perfect. We are offering those impacted access to a credit-monitoring service and reviewing our procedures to identify improvements that can be made as we move ahead."
According to lottery officials, the release occurred as the lottery was responding to an open-records request from Jeff Kelly Lowenstein, an assistant professor of journalism at Grand Valley State University in Michigan. The journalism professor had requested a list of all Iowa Lottery winners of $600 or more since the Iowa Lottery's start in 1985.
Lottery winner lists are open records under Iowa law. The lottery responded to the request on April 12 and the data provided was published in mid-September on a website. The data was on that website for about 10 days until Sunday afternoon, when it was removed at the lottery's request.
Lowenstein said he was unaware that one of the fields of information in the prizes database contained hidden Social Security numbers until Rob Porter, an attorney for the Iowa Lottery, contacted him Sunday.
A reader of a website where the information had been posted contacted the Iowa Lottery Friday after apparently figuring out how to "unhide" the Social Security numbers in the data, Porter said.
The page had 119 unique views, but it was not immediately known how many users might have downloaded the information, Lowenstein said.
"Quite honestly, I was stunned when I got the call. We deleted it immediately," Lowenstein said Tuesday.
In working to comply with the open records request for more than 30 years' worth of data related to prize winners, the lottery needed to access information in multiple databases on multiple platforms, then compile the applicable details into one spreadsheet. In the process of doing that work, additional information was inadvertently left in the resulting spreadsheet only for those winners from calendar year 2011. That information included 2,967 unique Social Security numbers for the winners of Iowa Lottery prizes of $600 or more in calendar year 2011.
It was not immediately clear that Social Security numbers for some Iowa Lottery winners had been released, as the details did not appear in the main text of the spreadsheet involved. Further, in the tabs where the information did appear, the data was in unrecognizable abbreviations that required further steps by the user to view the details involved.
Lottery officials said a member of the public noticed the Social Security numbers on the website and notified the lottery about the situation Friday night. Lottery personnel then worked to identify the source of the information and pinpointed those details Saturday morning. The lottery then reached out to the journalists who had requested the information and asked them to remove it from the website, which they did on Sunday. On Monday, the lottery provided the journalists with another copy of the data they had requested that did not include sensitive information relating to its winners.
"As soon as the lottery realized that some of its winners' Social Security numbers had been released, we began work to address the issue," Rich said. "This incident reminds us that we must continue to be vigilant in our efforts to protect sensitive information. It is imperative that we continue to monitor and check any information we provide in our daily work as Iowa Lottery employees."
I hope that the winners accept the Iowa Lottery CEO Terry Rich's apology. To err is human to forgive divine.
All the other States, D.C., Puerto Rico, and the Virgin Islands should take the appropriate actions.
"Offering...credit monitoring service"
Okay, what will you do for those that suffer an actual loss ?
Nothing! They will Claim the Winners Social Security Number was Compromised by Equifax!
Well, that's not true.
HM,let me tell you exactly what that means... As a former employee with a secret security clearance who was in that group who had my info taken a few years ago. They send you a notice from a "myIDcare" who they have use to "provide identity protection"and it will say as follows:
"MYIDCare has discovered one or more or you identity monitoring services has a new notification.This is not a credit notification. Please log into MyIDCare at opm.gov/cybersecurity or click Log In to review the details of this notification.
Protecting your identity is our number one priority. If after reviewing the details on line, you have any questions,please contact MyIDCare member services at 800 blah blah,blah blaahhhhh."
I wont even go into the issues in trying to change your password within the parameters they set forth. That is another can of worms for another day.
What I can tell you, as a former criminal investigator for a large northern law enforcement agency, the problem lies that once your name and DOB and SSN is attained by another unethical person(s) you are basically in"do-doo" and have to be on the defense all the time. Look at recent issues with medical insurance companies that had their info hacked a short time ago. I think that happened in GA....not 100% sure of that.
I feel sorry for those folks that had their info released. I truly hope nothing comes of it
There was a time when SSNs were often easily viewable in public records. The difference now is the internet; ease of transferring large amounts of information electronically. SSN was never intended to be private nor used as a universal identifier, which it is not, since some SSNs are in use by multiple people.
Credit monitoring, while better than nothing, adds no real protection. It's a PR ploy to placate the public, since most often one can't win a money judgement against an organization that leaks data unless a measurable financial harm has occurred. Often it's a financial institution that suffers losses, not the consumer directly so that often rules out the ability of prevailing in such a lawsuit.
Until the laws change, it will be more of the same: Sorry we leaked your data, but we value your privacy ... oh, and here's a year of free credit monitoring (p.s., renews automatically for $19.95, if you missed that checkbox and provided payment information when signing up). Good luck!
In my view, a more immediate concern for the people in the Iowa Lottery winners list, even despite SSNs now removed, is simply their full name, and, presumably, along with address or city, being revealed. Sure Iowa Lottery winner information may have always been considered public, but now it's easily viewable by most anyone through their web browser. Makes it very easy for those living near those winners to take advantage, such as targeting them for burglary, financial scams, or heck just outright begging for money; friends and family they didn't know they had coming out of the woodwork.
Notice that NEXT YEAR Medicare card will be sans SSAN. I mean the privacy law is from 1974 and the feds just implementing this?
At work our hours worked were just left laying on a table with SSAN right on it. Then they had a survey and told them I'm a member of the ACLU and this is illegal. Let me assure you within two weeks the SSAN was gone and we were given unique ID's.
The best thing to do, which we did a long time ago is get a security freeze. We did 2 out of 3 credit reporting agencies. It costs $10 in KY, some states are even free.
.
About the story:
I hate this like you don't know.
I want to say "That figures. Why am I not surprised?".
It goes along with what I know (or what I'm reasonably sure) can be found in The Bible -
about the last days and such. . . .
about how people will basically not give a s____ about anyone else. And that goes for peoples'
property as well. . . . (like whoever in Iowa was "at the controls" and responsible, etc.),
about not respecting laws, rules, etc. and not setting such things to a higher priority. . . .
Of course we've seen many other stories on here where people gained unfair advantage of others and the game systems they were able to actually manipulate for unfair gains.
It's why I can't bring myself to trust anyone, anymore.
The response from the Iowa lottery is typically. What they saying is" we sorry". We promise not to do it again. Scout's honor! Did we say we sorry? Thanks players.
Just another big, fat reason to always stash away large sums of money in a trust, preferably an offshore trust because you don't need to have an SS number associated with it.
Please DON'T DO that offshore thing. IRS has really been cracking down on this. They even strong armed Switzerland (Schweiz) into revealing the US citizens who had secret bank accounts there. I wish they flipped them the middle finger.