Personal Information Accidentally Released by Secretary of State's Office

Attorney Jennifer Auer Jordan filed the complaint in Fulton County Superior Court on behalf of two women and is seeking class-action status.

Kemp's office regularly provides an updated voter file to statewide parties and media, as allowed by Georgia law. "On account of a clerical error where info was put within the wrong file, 12 recipients received a disc in that contained personal identifying info in that ought to not have been included".

Nine of the 12 discs were physically retrieved by investigators, according to Kemp's office. Others can pay a $500 fee to get a copy of the file.

Kemp said all of that information was also recovered but said that the breach "exposed that the long time IT [information technology] bureaucracy in the agency was broken".

The information, including dates of birth and driver's license numbers, is far more valuable to criminals than the bank card information that has been stolen in several recent high-profile cyberattacks against retailers such as Target and Atlanta-based Home Depot.

Kemp also announced that the employee deemed at fault for the information leak had been fired, adding that his office had put in additional safeguards aimed at preventing such future releases of voter information.

Typically, the state releases include only names, addresses, ethnicity, gender, registration date, last voting date, and the political party primaries in which they voted.

He says only one employee will be able to download voter data from a secure site. Ryan Mahoney, spokesman for the Georgia Republican Party, said staff from Kemp's office picked up an unopened disc from the party's headquarters.

The secretary of state did not detail how it was able to confirm that the data hadn't been copied.

"Data security is a primary concern across our country and here in Georgia", said state Rep. Scott Holcomb, D-Atlanta.

An Georgia state IT worker was sacked after being held responsible for 6 million voter records being compromised.

October 13 - The Secretary of State's Office distributes compact discs containing that information to 12 groups in the media or other third parties. He said Thursday afternoon Kemp's office had apprised him of the situation and that the release of the information had simply been human error.

"There need to be controls before data is released, whether it is assembled in-house or not", he said.

The breach, which the suit says happened internally because of lax controls in Kemp's office, would be one of the largest ever by a state.