The personal information of thousands of Kansans was released by mistake.
The Department of Aging and Disability Services says it became aware late last month that an employee sent an unauthorized e-mail with the information to its business partners.
According to the department, the e-mail contained Social Security numbers, Medicaid Identification numbers, and other personal information of 11,000 Kansans.
The department said it has no evidence the information was misused or disclosed publicly. It said agreements prevent the partners from disseminating the information.
“My understanding at this point is that the breach was very limited in scope and it was all kept contained,” Gov. Jeff Colyer told reporters Thursday.
News of the breach came minutes before representatives in House debated two cybersecurity bills.
One bill would hold agency heads accountable for any breaches.
“This will make sure that agency heads realize that they are responsible for the protection of consumer information that they hold,” said State Rep. Keith Esau, R-Olathe.
“It’s a baby step in a path forward, we need to do so much more,” explained State Rep. Jeff Pittman, D-Leavnworth.
Pittman points to a cyber breach last year when hackers stole millions of Social Security numbers from the Kansas Department of Commerce’s data system.
“We had to go out and notify all the people who were breached and that costs money. And then we have to offer, for those who want it, a year’s worth of credit protection,” said Pittman
Pittman explained credit protections can cost the state millions of dollars.
“Not everyone took advantage of that so we weren’t on the hook for $6 million or more, it was only about $1.2. But that still costs us money and that’s going to grow,” he said.
Lawmakers say as the world becomes more and more digital, finding ways to protect people’s personal information becomes more difficult.
“We want to stay on top of security threats,” said Esau.
A KDADs spokeswoman said the employee involved in the mistake has been let go from the department. All consumers whose information was released will receive a letter of explanation from KDADs.