Connect with us


Data breaches impacted millions of Alabamians, study notes

Eddie Burkhalter



Between 2014 and 2018, the U.S. government saw 440 data breaches, according to a recent study. Alabama state offices during that time were breached at least five times, with 1.4 million residents’ personal  information impacted. 

The worst year for those data breaches was 2018, according to the report by Comparitech, a U.K.-based technology website that reviews tech services. Last year, there were at least 100 such breaches of government records which involved 81.6 million records, according to the report. 

In February 2017, a hacker broke into the Kansas Department of Commerce website and accessed more than 5.5 million social security numbers and other data from 10 states, including Alabama, according to news accounts at the time. The breach of America Job Seekers Alliance website resulted in the breach of 1.4 million social security numbers of Alabamians being exposed. 

In 2017, a spear fishing attack targeted an employee of the Alabama State Port Authority that resulted in the breach of data on 780 individuals. 

In July 2016, a Mobile woman visiting the Retirement Systems of Alabama’s website noticed that she was able to see the personal health information of hundreds of others. She notified the FBI and the RSA later stated that the website was undergoing maintenance when the problem was discovered. 

In July 2014, the personal information of 2,300 patients from the Lyster Army Health Clinic at Fort Rucker were left in a recycling bin without having been shredded. 

In 2014, the Alabama Department of Mental Health announced that more than 500 people who visited state department offices had their personal data breached, possibly by former department employees. 


Not listed in the Comparitech report is a 2018 attack on the state’s cloud computing network, which was announced in December 2018 by the state Office of Information Technology. The office at the time asked state employees to change passwords and that the attackers’ IP’s addresses had been identified and blocked.





The V Podcast