TROY, Virginia. The Fluvanna SPCA has accidentally breached the names, addresses, phone numbers and social security numbers of 1,675 people online. In all, nearly 6,000 individuals who adopted a pet from the Fluvanna SPCA prior to 2007, owned a pet which stayed at the SPCA, or found a stray may have had their name, address, phone number and other personal information exposed online.
The SPCA has pledged to take "the necessary steps to address this information breach," which may include attempting to notify those whose social security numbers were exposed. Importantly, the SPCA no longer collects sensitive personal information from clients, and specifically purged all social security numbers several years ago. The breached records were old, forgotten backup files from prior to the purge. The volunteer responsible for the maintenance of the FSPCA's computers inadvertently made backups to his personal area on his employer's FTP server at the National Radio Astronomy Observatory (NRAO), which was unencrypted. The NRAO did not have any direct involvement in the breach. The information was removed from the FTP site immediately upon notification of this issue, and is no longer available.
The Excel files and Access databases were posted on a public, unencrypted FTP site without a firewall, and no password, and was accessible through a Google search for an unknown period of time. Between January, 2007 and late October, 2010 the files were theoretically available to anyone in the world with an internet connection.
The information on this page was compiled by the Liberty Coalition, which bears sole responsibility for its accuracy.