Tennessee city employees’ personal info inadvertently exposed online for nearly one year

The personal information for approximately 1,470 Knoxville, Tenn., employees was inadvertently posted online and left there for nine months, city officials revealed on Jan. 17.

The personal information of workers employed as of Feb. 1, 2018 was accidentally posted on a procurement website, according to Knoxville TV station WVLT. The information included information including employees’ names, addresses, birth dates, genders and social security numbers.

The information was posted as part of a procurement process for health insurance, Knox News reports. However, no clinical or health plan claims were included among the personal information posted.

“If you think of a spreadsheet, there was a tab with some information. We didn’t realize it was included with that. That’s how it happened. That had been reviewed by our folks in a couple of different departments, and it was kind of a hidden tab that was hard to see,” Knoxville COO David Brace told Knox News.

Officials didn’t discover that the information had been posted until Jan. 8, 2019, WVLT reports. However, the information was immediately removed from the site.

No disciplinary action has been initiated yet, Knox News reports. City officials are reviewing procurement processes for services that require demographic information. Brace told Knox News that the city won’t use spreadsheets moving forward.

The city is now offering employees free identity theft protection, credit monitoring and restoration services, ABC affiliate WATE reports.

“As someone whose personal information was also posted, I share the concern that such misuse could occur. I want you to know that the City is working hard to help everyone who is affected by this error,” Knoxville’s deputy to the mayor and COO, stated in a notification letter, according to WATE.