IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Maryland Grapples with Exposure of 78K Personal Records

Two databases used by the state’s Department of Labor may have been accessed by unauthorized users, potentially exposing the names, Social Security numbers, addresses and personal information of thousands.

Maryland officials have reported that the personal information of 78,000 residents was recently exposed during a cybersecurity incident. 

Two different databases with the state’s Department of Labor were potentially made available to unauthorized users, exposing the first and last names, birth dates, Social Security numbers, addresses and other personal information, the office reported Friday. 

The department's affected databases — the Literacy Works Information System (LWIS) and a legacy unemployment insurance service database — became the subject of an investigation by the Maryland Department of Information Technology (DoIT) earlier this year, after Labor officials voiced concern about a potential breach, the department said in a Friday press release. 

In addition to contacting law enforcement, DoIT hired an independent expert to look into how the breach occurred. The investigation did not appear to reveal any misuse of the data, labor officials said in the release. 

The Department of Labor could not comment on when or how the breach occurred, or when officials first became aware of it, said Fallon Pearre, director of communications for the department, said Monday.  

The department is now in the process of reaching out to those affected by the incident, while also offering them two years of free credit monitoring. An overview of the Department of Labor's security protocols has also been conducted to ensure similar events do not occur in the future. 

Public knowledge of the breach comes on the heels of the city of Baltimore's recent ransomware attack, an incident that has highlighted a need for increased cybersecurity investment and preparedness on the part of governments across the country.  

John Evans, Maryland’s Chief Information Security Officer, said in a statement that the state would work to make sure similar incidents did not occur in the future. 

“Maryland is working to ensure its cybersecurity strategy and policy are in alignment with best practices and the latest federal standards and guidelines,” he said. “We are working with the Department of Labor to minimize the impact of this breach, and to prevent future misuse of state systems.”

Lucas Ropek is a former staff writer for Government Technology.