PITTSBURGH (KDKA) — The first time school speech language pathologist Alyse Baker knew of a possible data breach was when she received a form letter from MY ID CARE on Tuesday.
“I thought it was just an advertisement for another insurance company,” Baker told KDKA money editor Jon Delano on Thursday.
It looked like junk mail, but Baker opened it and saw the words – “Notice of Data Breach.”
‘There’s that sinking feeling and, oh no, that goes with it because this is such an event,” she said.
Turns out, a state Administration Department employee inadvertently left the names, addresses and social security numbers of 330,000 teachers accessible to anyone on the Education Department’s Teacher Information Management System (TIMS) for a short period on Feb. 22.
While there is no evidence yet that information was used fraudulently, the Department of Education — without telling the teachers directly — hired a Canadian company to provide free credit monitoring to the teachers for a year.
What really bothers the teachers is that it took the state nearly a month to let them know of a possible breach and then they didn’t get notice from the state.
Instead, they heard from a credit monitoring company that many thought was a scam.
“There are all sorts of scams, so that occurred to me, too, especially since the envelope was so bland looking,” says Baker.
Pennsylvania Rep. Dan Miller, of Mt. Lebanon, a member of the House Education Committee, says he wasn’t told either.
“There’s no doubt whether it’s state, federal, or county, whether it’s private businesses, whether it’s Facebook, people have an issue with safety,” says Miller. “With that should include a right to expedient knowledge that there’s been a hack of your information or breach of your privacy.”
The Education Department says its website does tell everyone that a credit monitoring company is mailing notification letters, but most would never see that.
“I would have appreciated — they have emails for all of us — a quick note,” says Baker.