Kentucky Energy and Environment Cabinet Announces Data Security Breach – Community News
Social Security

Kentucky Energy and Environment Cabinet Announces Data Security Breach

KENTUCKY (WEHT) — The Kentucky Energy and Environment Cabinet (EEC) announced it discovered a data security breach on September 8, 2021. According to the EEC, unedited mining permit applications containing personal information from some mine owners and controllers were available for public inspection at the Department of Natural Resources field offices and on an EEC-hosted website.

EEC’s internal policies require that certain personal information, including Social Security Numbers, must be edited before licensing information is made public. According to officials, unedited licensing materials had been available in public reading rooms in DNR field offices since sometime in 2015, and in a public internet database operated by the EEC since January 16, 2021.

EEC discovered the vulnerability on September 8 and disabled access to the files. They were unable to determine whether personal information was accessed or downloaded during the time it was available. Officials say that as a matter of great caution, they are informing the affected individuals through personal communications and by notifying the media.