Social Security numbers released in SLO County data breach

March 3, 2017

The San Luis Obispo County Clerk-Recorder’s Office released 12 individuals’ Social Security numbers to two private title companies. Ten of the 12 individuals whose Social Security numbers were released are SLO County residents. [Tribune]

Clerk-recorder’s office officials say the Social Security numbers were released inadvertently, and a technical error caused the breach. When the county updated a computer program for its recording system last year, a feature that would have redacted the personal information during an export process was accidentally not set, causing full Social Security numbers to be revealed, Assistant Clerk-Recorder Elaina Cano said.

Title companies MPI and Personal Insight have subscriptions allowing them to receive all recorded official public records from the clerk-recorder’s office. MPI and Personal Insight have long purchased images of county records for examination by title insurers, mortgage industry workers, financial institutions and credit agencies.

The Social Security numbers that were released were only revealed in data exported to MPI and Personal Insight. The confidential information did not appear at the county clerk-recorder’s office’s public terminals.

Officials have since corrected the program settings.

Officials notified each of the 12 people affected and urged them to monitor their credit reports, Cano said. MPI and Personal Insight were likewise notified and were told to destroy all copies of the unredacted documents.

Inline Feedbacks
View all comments

Doubtful this would have happened under Julie Rodewald, a highly competent and ethical governmental servant.


The only good news is that it was Title Insurance companies, who in California are generally escrow holders and are required to report tax information regarding their clients’ activities to state and federal authorities, i.e. they already have strict protocols in place for protecting social security numbers.

That’s OK, it was a government agency, so no one will be reprimanded, held responsible, fined, sued, or fired.

Let’s see what the government does when a private sector company does this.

In all fairness, when the IRS was hacked in 2015, millions detailed personal info was sold and has been used to scam the Fed and some states (who do not charge for e-filing) out of TRILLIONS of dollars. Amazing we don’t hear about this… it’s been continuing for years, and the IRS only admitted to about 1 million people’s info, but that’s not how their servers work, but since no one ever pressed them on anything, that’s how it stands.

Personal information should not be given to anyone for this reason. My 85 year old mom gets calls every day from scam artists and some actually talk her into wiring money. The aged are big business and it can be very difficult to stop if the aged does not want to surrender their control. Unfortunately the government does not help with this, even the people you hire ultimately want a percentage instead of a fee. 9-11 continues to riddle it’s way into our lives by requiring the surrendering all personal information which then gets to the public. Yes the public, almost like having a self-service cash register that holds your money.

This was not a “Technical” error, it was a process that was not tested before launch. I am in the document delivery industry and this was a rookie mistake.

All software’s do what the operator tells it to do, that’s why you run it in a beta environment before launch.

You mean like print ONE copy before sending a batch job?! That seems to be asking too much. Not like a bunch of bottom-feeding leech companies got the info, who make their living selling information and marketing personal data gleaned from the public databases…

Oy vey!