CINCINNATI — About 2,000 current employees and their dependents, plus an unknown amount of former employees, for the City of Cincinnati were impacted by a data breach involving census data, said Rocky Merz, the city's director of communications.
The city discovered on April 19 a Request for Proposal (RFP) for dental and vision services inadvertently included census data and posted it on the city's procurement websites. The RFP was originally posted April 8.
Both personal information and protected health information — including names, home addresses, demographics and insurance information — were shown in the census files. In some cases, Social Security numbers, dental claims and dates of birth were also breached.
Per the city, credit cards, banking and test result information was not released. The breach only affected those with vision and dental insurance through the city, so AFSCME, FOP and those without that insurance are in the clear.
"This was not the result of a cybersecurity breach, and the City has no reason to believe any information was actually compromised or misused," the city said in a press release. "However, the City is approaching this with an abundance of caution as privacy is of the utmost importance."
As a result of the breach, the city is reviewing its policies and processes for RFPs and sensitive information training. The city will also be implementing additional training.
Merz said there is no indication that anything like this has happened previously, but the city is taking measures to avoid incidents in the future.
Additionally, the incident is being reported to the Department of Health and Human Services.
FCC Chairwoman pushes for change in waiting period for data breach reporting
Push for tighter cybersecurity has side effects for workers, shoppers
Cybersecurity expert provides tips for keeping your kids safe online