MILWAUKEE, WI – The president of the Milwaukee firefighters union says the personal information of numerous members of the department has been compromised in the wake of the data breach involving Dynacare Laboratories.
David Seager, president of the Milwaukee Professional Firefighters Association Local 215, wrote in an email to aldermen that while the bulk of the blame of a data breach belongs to Dynacare, the city should be held responsible for providing personal Social Security numbers to the health care providers.
Information on thousands of city employees and their spouses or domestic partners was involved.
“While the circumstances surrounding Dynacare are horribly disastrous, it does not excuse the fact that our Social Security numbers were relinquished,” Seager wrote.
Contacted Friday, Seager said he was not at liberty to detail how the personal information of some firefighters had been compromised.
He wrote in his email that firefighters were “fighting to restore their credit.”
Jeff Fleming, a city spokesman, said the city was not aware of any attempt to compromise an employee’s personal information.
The data breach involved Dynacare, which works with Froedtert Community Health/Workforce Health to operate the city’s wellness program. Dynacare told city officials Nov. 15 that a car owned by a Dynacare employee was stolen overnight on Oct. 21-Oct. 22, and reported stolen Oct. 22.
The car contained a flash drive with the personal information of 9,414 city employees, their spouses and domestic partners.
The personal information included the names, addresses, dates of birth, Social Security numbers and gender of an estimated 6,000 city employees.
The flash drive also had the names of more than 3,000 spouses and domestic partners of those workers.
The flash drive has not been recovered.
Since the disclosure, the city has announced plans to file a federal complaint with the U.S. Department of Health and Human Services’ Office of Civil Rights, alleging Froedtert and Dynacare violated federal security and privacy requirements.
Dynacare also is conducting its own investigation.
In addition, a Milwaukee firefighter and his wife have filed suit in Milwaukee County, seeking unspecified damages.
Lawyers for the couple say they will seek class-action status on behalf of other city employees.
In his email, Seager expressed his disappointment with Mayor Tom Barrett’s administration in handling the data breach and the release to Froedtert of Social Security numbers.
The missing flash drive contained unencrypted information of a highly sensitive nature.
The city has said it gave the personal information to Froedtert in a secured and password-protected form.
Barrett has said the city will find a way in the future to not use Social Security numbers as a means of employee identification.
On Friday, Barrett said the city’s wellness committee, composed of employees from different city agencies, was part of the decision-making process for the wellness program.
“There clearly was a need for an individual marker, if you will, for the people who get into the system,” Barrett said. “And, working with the Department of Employee Relations, the decision was made to use the Social Security number. I think moving forward we will move away from that, there’s no question about it. We’ll use a different identifier.”
Seager also complained that the Dynacare offer of a one-year free membership in an identify protection program was not enough.
“While the one-year term is a start, it appears to me and all of my members that this is nothing more than a get-out-of-jail free card,” he wrote. “It is vital, not just to my membership but to the entire city workforce, that the leadership of the city pursue a lifetime program via Dynacare Laboratories.”
A Dynacare spokesman did not respond to a request for comment.