Georgia Secretary of State Brian Kemp said he plans to hire a top-tier auditing firm to conduct a review of his office after it accidentally released personal information of more than 6 million registered voters last month.
In a press release, Kemp said he’s in the process of contracting Ernst & Young to complete the investigation.
Kemp’s office is required by law to issue voter information to media outlets and political parties that request it. The voter file includes full names and addresses, but is not supposed to contain identifying information, like Social Security numbers.
In October, Kemp says, an information technology employee in his office inadvertently included that information in the file, which was distributed on CD ROM to 12 recipients.
Kemp said he can confirm all 12 CDs have been retrieved or destroyed. He said a similar, but limited, situation occurred in 2012, when an Oconee County voter registration list was sent out with personal information. Kemp said that information was recovered and new, secure systems were put in place.
In an email to WABE, Kemp’s office said it was notified of the breach on Nov. 13 by a media outlet. Kemp said he “immediately took action” and retrieved the information. However, his office didn’t make any public comments about the incident until several days later, after two women filed a lawsuit over the error.
Kemp is required by law to notify voters their information was shared. His office has posted a notice on its website, as well as, a hotline for voters concerned about their credit. His office said it has also informed credit agencies about the breach, which is also a legal requirement.
WABE brings you the local stories and national news that you value and trust. Please make a gift today.