Ten months later, Memphis Police Dept. first notifies people of data breach?

Melissa Moon reports:

A security breach at the Memphis Police Department may have compromised the personal information of thousands.

It happened nearly a year ago, but those at risk are just finding out about it.

Memphis Police say in April of 2013 someone hacked into a database system used to search for people, residences, and vehicles and had access to personal information, like social security and driver’s license numbers.

Read more on WREG.

Is the MPD really claiming it was a hack? How odd, considering in May 2013, they were saying that it was a “glitch” in their system. As WMC-TV reported on May 10, 2013:

– A major glitch in a Memphis Police Department database is leaving sensitive personal information available for anyone to find on the worldwide web.

A woman, who wished to keep her identity private, said a friend sent her text messages of screen grabs from a Google search of her information online. Also, it included names, addresses, phone numbers, and social security numbers for her entire family.

“It has been chaos,” she said. “My momma should’ve never been out there. I should’ve never been out there. My whole family should’ve never been out there.”

If a user typed in specific terms, Google returned results pulled from police incident reports in the database.

“We had a glitch in our system,” said MPD public information officer Karen Rudolph.”We immediately shut down the system. Our officers aren’t even utilizing it now. And, we’re working on it to make sure that more security measures are taken.”

The information is public records, which are available at a price at central records inside 201 Poplar.

Memphis police do not want any of it online.

MPD will not release how many were affected.

They sent a list to the credit bureau. Also, MPD is working with Google to clear the information from the web.

So… what happened last year? A hack, or a glitch, or were there two incidents?

What a confusing breach disclosure and notification. If they sent a list to the credit bureau in May 2013, why didn’t they notify those affected back then? Why notify them now and offer them free credit monitoring services now? And why are SSN available for purchase under public records requests, if they are?

Hopefully Memphis media outlets will get some answers and clarification about the incident and the MPD’s handling of it. I was intending to try to contact MPD through their website, but it says it’s “down for maintenance.” Hmmm.

About the author: Dissent