Free credit monitoring sign-up falters, despite Georgia data breach

Fewer than 10,000 people have signed up for the free credit monitoring the state offered after a massive data breach in the Georgia Secretary of State's Office exposed the personal data of more than 6 million registered voters.

As of Monday morning, 9,545 people had registered with the Austin, Texas-based CSID — the data protection company the state hired last month to provide voters a year of free credit and identity theft monitoring services, costing the state $1.2 million.

All Georgia voters whose data were exposed in the breach are additionally eligible for identity theft restoration services if their identity is compromised over the next year.

To sign up for the services, go to www.csid.com/gasos/.

The personal data released in the breach — including Social Security numbers, birth dates and driver's license numbers — appear to have been inadvertently sent out in October to 12 organizations that regularly subscribe to "voter lists" maintained by the state.

The groups receiving the data — delivered via compact discs — included state political parties, news media organizations and Georgia GunOwner Magazine.

Secretary of State Brian Kemp has said all 12 data discs have either been recovered or destroyed. Kemp has blamed the actions of a single employee, whom he fired after the breach became public. But records reviewed by The Atlanta Journal-Constitution show the problem was deeper than he has acknowledged, revealing a business culture that ignored written policies for the sake of expediency.

The state agency has published on it website an official notice of the breach as required by state law, and it has staffed a hotline about the breach at 404-654-6045. But some voters said the state needed to be more proactive about telling voters that monitoring was available.

Michael Carlin, a business owner in Cobb County, said the office has not done enough to tell voters about the breach and the availability of credit monitoring. Big companies such as Home Depot and Target informed customers of their breaches by mail, he said, and the state should, too.

“I think that’s an appropriate way to respond to a data breach of this magnitude,” he said.