Casey Calls on EPA to Explain Breach and Delay in Notifying Residents
WASHINGTON, D.C. – U.S. Senator Bob Casey (D-PA) today urged the U.S. Environmental Protection Agency (EPA) to fully explain how confidential information of some Pennsylvania residents who live near Superfund cleanup sites in Montgomery, Berks and Luzerne counties may have been leaked. Information possibly leaked include Social Security numbers, bank routing numbers and home addresses, putting residents at risk of identity theft.
“Putting Pennsylvania residents at risk of identity theft is inexcusable,” Senator Casey said. “The EPA must fully explain this breach, account for its delay in notifying affected residents and assure my constituents that measures have been taken to prevent this from happening again.”
The EPA has notified some residents near Superfund cleanup sites in Oreland of Montgomery County, Hazleton of Luzerne County, plus Heidelberg Township and Hamburg of Berks County, that their information may have been compromised. In his letter to EPA Administrator Lisa Jackson, Senator Casey calls on the agency to fully explain the breach and the steps it is taking to prevent future leaks.
Senator Casey also expressed concern that the EPA took four months from the time of the breach to notify affected individuals.
“Most concerning to me is the apparent delay in notifying affected individuals that their information may have been exposed. Incidents of identity theft often require substantial time and resources to resolve, making it critical that individuals at risk for identity theft be notified as soon as possible when data breaches like this occur.”
The full text of Senator Casey’s letter to Administrator Jackson is below:
October 1, 2012
The Honorable Lisa P. Jackson
Environmental Protection Agency
Ariel Rios Building
1200 Pennsylvania Avenue, NW
Washington, DC 20460
Dear Ms. Jackson:
I am writing to express my concerns about a recent data breach at the Environmental Protection Agency (EPA). I have been told that this breach may have resulted in the release of more than 200 Pennsylvania residents’ confidential information.
It is my understanding that in March 2012, a data breach exposed the personal information of many EPA employees and private citizens—almost 8,000 people in total. This breach exposed information including Social Security numbers, home addresses, and bank account information possibly putting these individuals at a serious risk of identity theft.
I understand that the EPA has been working to assist those individuals whose data may have been compromised, including establishing a telephone hotline and offering affected individuals a year of free credit-monitoring services. While I appreciate these efforts, I remain troubled by the incident. Most concerning to me is the apparent delay in notifying affected individuals that their information may have been exposed. Incidents of identity theft often require substantial time and resources to resolve, making it critical that individuals at risk for identity theft be notified as soon as possible when data breaches like this occur.
Unfortunately, it is my understanding that those affected by the March 2012 breach were not contacted until more than four months after the incident occurred. I request that you please provide me with an explanation of this delay, as well as what steps the EPA is taking in order to prevent these types of breaches in the future.
Thank you for your attention to this request.
Robert P. Casey, Jr.
United States Senator