Disabled Delawareans' Personal Data Ends Up in Student Project

A recent Delaware Department of Health and Social Services data breach resulted in the private data of hundreds of disabled Delawareans' being included in a student project. 

Data included in the breach included full names, birth dates, primary diagnosis, and county of residence. 

The breach occurred when four students from the University of Delaware contacted a Delaware Division of Developmental Disabilities Services (DDDS) provider. The students reached out to request data for a project that aimed to use geo-mapping to detect gaps in the services received by DDDS recipients. 

A DDDS employee who emailed out information in response to the students' request neglected to anonymize sensitive data. Their slip-up caused the private information of 350 recipients of DDDS support to be exposed.

The data breach was only discovered when the unwitting students included the sensitive data in a presentation on their senior project, given via Zoom on May 8.

According to WDEL, those affected by the breach were notified by letter. Dated June 29, the letter stated: "For the purposes of the project, the UD students requested information about service recipients living within a specific geographic area, as well as basic demographic information such as age range and disability status. In response, a DDDS staff person sent information, via email, to the four students on April 9, 2020, for use in their final project."

The information emailed to the students included highly sensitive data that the department admitted shou ..

Support the originator by clicking the read the rest link below.