Georgia Secretary of State Brian Kemp assured lawmakers Tuesday that criminals don’t have the sensitive information of 6 million Georgia voters that was exposed in a massive data breach last year.
How does he know?
“I am no expert on data security, but my personal opinion is if that information had made it out to the bad guys, we would already have had some issues,” Kemp said. “I am very confident that information never reached the public domain.”
Kemp made the comments during an appearance before a joint hearing of the House and Senate budget committees.
The secretary of state was in attendance to talk about his office’s proposed budget for the upcoming year, but he knew coming in that he would have to address the data breach.
The personal data released in the breach — including Social Security numbers, birth dates and driver’s license numbers — appear to have been inadvertently sent out in October to 12 organizations that regularly subscribe to “voter lists” maintained by the state.
The groups receiving the data — delivered via compact discs — included state political parties, news media organizations and Georgia GunOwner Magazine.
Kemp said all 12 data discs have either been recovered or destroyed. Kemp has blamed the actions of a single employee, whom he fired after the breach became public. But records reviewed by The Atlanta Journal-Constitution show the problem was deeper than he has acknowledged, revealing a business culture that ignored written policies for the sake of expediency.
Kemp told lawmakers: “I take full responsibility. As soon as I discovered the problem I took immediate action.”
State Sen. Vincent Fort, D-Atlanta, a member of the Senate Appropriations Committee, questioned why the state retains Social Security and driver’s license information on voters after their information has been verified to be accurate.
Fort also questioned why Kemp’s office was offering only one year of credit monitoring and credit restoration to Georgia voters.
“The bad guys are going to wait a year and use that information,” Fort said.
Kemp responded that he’s confident “bad guys” never got the information. He said the data are held in a secure data center, and that the credit monitoring may not have been necessary because the information was quickly recovered.
He also told lawmakers, “I can assure you, with the policies we have in place, this will not happen (again).”
Kemp said about 10,000 people have signed up for the state-funded credit monitoring.
About the Author
