Details on Georgia’s massive data breach due Friday

The internal investigation of Georgia's massive data breach exposing the Social Security numbers and other sensitive data of more than 6 million voters could be finished by Friday, Georgia Secretary of State Brian Kemp wrote in a private letter to lawmakers.

“We hope to release a finalized report on our findings at the end of this week,” Kemp added in the letter, a copy of which was obtained by The Atlanta Journal-Constitution.

Kemp has said a “clerical error” caused the breach, although the public release of the internal report would be the first full accounting from his office of what happened.

One version of events leading up to the breach has come from an IT employee fired by Kemp for the gaffe. That worker, longtime state programmer Gary Cooley, has disputed Kemp's version of events and told The Atlanta Journal-Constitution he did not have the security access to add millions of Social Security numbers and birth dates to a public data file.

Cooley instead outlined a more complicated series of missteps and miscommunication, both within the office and with PCC Technology Group, an outside vendor tasked with managing voter data for the state.

Officials discovered the breach Nov. 13, a month after they had mailed compact discs to 12 organizations that regularly request data updates to the state’s public voter files. The sensitive data appears to have been accidentally added to the discs.

Kemp has said all 12 data discs illegally disclosing the private information have either been recovered or destroyed, and that the data were not disseminated. Last week, he announced plans to offer voters a year of free credit and identity theft monitoring services.