Over a five-year period starting in 2008, two employees used personal e-mail accounts, personal online storage accounts and personal electronic devices for work purposes in violation of DHS policy, resulting in the transmission of confidential data outside of the DHS secure network.
The information exposed included names, mailing addresses, Social Security numbers, state identification numbers, birthdates, health information and incident information for child and dependent adult abuse cases.
The issue was discovered by a supervisor on January 17, 2014, and the DHS says that "[a]ppropriate personnel action was taken."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The chance that this information was accessed through these password-protected accounts and devices was small, but we realize the Iowans involved in these cases may wish to take steps to be sure their information wasn't misused," DHS service area manager Pat Penning said in a statement [PDF].
The Iowa DHS is offering free credit monitoring to all those affected. Iowa residents with questions are advised to contact (800) 447-1985.