(Arvada, CO) – The City of Arvada announced today that it has mailed notification letters to approximately 900 individuals and businesses informing them that some of their personal information was inadvertently exposed on the City’s Web site as part of a public database. There is no evidence that the information was viewed or accessed, nor was this a “hacking” incident by an outside party.
“On behalf of the City, we recognize that our commitment to transparency and to providing wide access to public documents is also accompanied by an equal obligation to protecting non-public information,” said Arvada City Manager Mark Deven. “We take this matter very seriously, and deeply regret this situation occurred.”
In an abundance of caution, the City is making a variety of data security resources available at no charge to the affected individuals and businesses. The City has also strengthened existing data security policies and processes and trained City staff to further safeguard information.
As soon as City staff discovered personal information in a document that had been contained in a database management system accessible on the Arvada Web site on July 8, 2011, the City immediately began restricting public access and launched an extensive internal investigation.
The City retained data security, forensics and legal experts to aid in the examination of approximately 1.2 million pages, the vast majority of which did not contain any sensitive information, to ensure all sensitive information was identified and removed from the files.
Every individual who received a notification letter from the City of Arvada is being offered a free one-year membership to Experian’s ProtectMyID™ Alert, which includes a credit report, daily credit monitoring, identity theft resolution, and a $1 million identity theft insurance policy. The City also is making available information from data security experts and a toll-free call-in center staffed by specially trained representatives to answer questions.
The personal information was discovered in the Building Inspection and Community Development files that are a comprehensive history of construction and development activity in the City. Personal information involved included individuals’ names, dates of birth, Social Security numbers, and driver’s license numbers, and businesses’ federal or other ID numbers, and financial information.
In addition to staff training and the most recent review of the exposed documents, City officials said efforts are being made to expand existing technological safeguards and use of system audits to provide additional layers of preventive protection.
For more information about this incident, visit the Arvada Web site at http://www.arvada.org. You may also contact the toll-free privacy line at 855-770-0004. When calling, you will need to enter the following 10-digit reference number: 2490041112.