A Department of Labor employee has been fired for stealing personal data from the department's unemployment insurance system. According to a Department of Labor news release, the employee improperly had possession of 39 people's names and social security numbers.
In addition, the employee, who wasn't named in the release, had 41 social security numbers that weren't associated with names.
"Vermont State Police are still examining the material seized in the search [of the suspect's home], including data on the employee's home computer and from her Internet provider, but have not yet identified any transfer of data to other persons or entities," the release said.
As a result, the release said officials believe "that the risk of identity theft arising from this incident is minimal," according to the release.
Vermont State Police spokesperson Scott Waterman said Friday that there is an ongoing criminal investigation into the case, but authorities have not brought any charges.
Derpartment of Labor Commissioner Annie Noonan emphasized Friday that the incident was not the result of a breach of any of the state's computer systems. She said the employee was allowed access in official capacity, but was not supposed to bring that data out of the workplace.
"The department will review its procedures and policies already in place prohibiting unauthorized acquisition of such data and will take any additional steps identified to strengthen its protection," the release said.
Noonan said she is confident in the existing policies, but wants to be sure.
"Our legal division will be training all of our employees once again just to make sure that we haven't missed anything," she said. "And to make sure that we are fully aware, and can say with absolute surety that every one of our employees has been trained to the fullest extent of every policy and there is no question out there, no ambiguity with regard to what our expectations are."
Noonan said the department has about 320 employees; roughly 120 work in the unemployment insurance division.
U.S. Department of Labor policy requires the Department of Labor to notify all individuals and businesses identified as having their information compromised. The release said those people and businesses will receive a written notice in letters sent out no later than March 28.