A "data breach" at WLNE-TV ABC 6 in Providence, RI has lead the the firing of four people in the news department, and the suspension of three others.
The breach of a confidential personnel file, first reported by GoLocalProv, took place on Friday, April 8.
WLNE vice president and general manager Chris Tzianabos sent a letter to both present and former employees of the station alerting them of the breach.
"On Friday, April 8, 2016, at approximately 10:20 p.m., it was discovered that a computer file, accessible only by select business office employees, was placed on WLNE - ABC 6's shared computer drive and then accessed by various WLNE - ABC 6 employees" Tzianabos said in the letter.
"The folder in question included the un-encrypted personal information of present and past WLNE employees, including their first and last names, in combination with one of more of their Social Security numbers, driver's license numbers, bank account and credit card numbers, employment contracts, employee evaluations and separation agreements. This breach was communicated to me by email shortly thereafter. I read the email at approximately 4:00 a.m. on Saturday morning, April 9, 2016, and I removed the folder in question from the shared drive shortly thereafter."
The letter continued saying that the station had contacted the Rhode Island State Police Computer Crimes Unit to investigate this breach.
Maj. Joseph F. Philbin of the Rhode Island State Police told the Providence Journal that Tzianabos contacted them on April 13 seeking guidance on how to determine if there had been "a breach" and, if so, who was responsible. Philbin said station management planned to conduct an internal investigation and then get back to state police.
The station fired evening news anchor Alexandra Cowley, along with a news producer, news editor, and news photographer. Three others, who were not identified, were suspended.
New England One reached out to both WLNE and Alexandra Cowley for comment, but have not yet heard back. We have also contacted the state police, and are waiting to hear back if the state police are still investigating this matter.
Sources inside the station tell New England One that someone found the folder in question, and shared it with others. We're told that the firings are related to the sharing of the files, and to participating in making others aware that the files were there.
Sources inside the station also tell us that the station didn't have any network security in place, and that the file or folder was probably on a network share somewhere, then moved to the stations shared drive where everyone could see it. However, some people at the station believe that those fired are being scapegoated by the station to provide cover for their lack of security of such confidential files.
The question now becomes why a file or folder with such confidential information exists in the first place. This is the kind of information that is only secure if it is in a user-specific password protected database or human resources program.
The fact that an unsecured file or folder full of confidential employee information exists in 2016 is something the station must answer for. They can try to blame employees who participated in sharing the information, or making others aware of it, but if the data was encrypted or otherwise protected in the first place, this would never have been an issue.
