Georgia Secretary of State Brian Kemp plans to hire top auditing agency Ernst & Young to review his technology department in the wake of a data breach that exposed private information of more than 6 million voters. In a statement sent out after 6 p.m. Friday, Kemp also acknowledged a “similar but more limited” incident occurred in October 2012. According to emails obtained by The Atlanta Journal-Constitution through an open records request about that incident, 12 voter registration lists containing sensitive personal data were sent out to people in 15 counties. But Kemp’s statement said “all of the information was recovered at the time.” News of the most recent incident became widely known Wednesday, when the AJC wrote about a class-action lawsuit alleging a massive data breach in the Secretary of State’s Office.
Kemp has fired an IT employee over what he called a “clerical error.” According to Kemp, the employee inadvertently added the personal data including Social Security numbers and birth dates to a public statewide voter file before it was sent out last month to 12 organizations who regularly subscribe to “voter lists” maintained by the state.
The groups receiving the data — delivered via compact discs — included state political parties, news media organizations and Georgia GunOwner Magazine.