KENTUCKY (WEHT) – The Kentucky Energy and Environment Cabinet (EEC) announced they discovered a data security breach on September 8, 2021. According to EEC, unredacted mining permit applications containing some mine owners’ and controllers’ personal information was available for public inspection at Department of Natural Resources’ field offices and on an EEC hosted website.
Internal EEC policy requires redaction of certain personal information including Social Security numbers before permit information is made publicly available. According to officials, some unredacted permit materials were available since sometime in 2015 at public reading rooms located at DNR field offices, and since January 16, 2021 on a public internet database maintained by EEC.
EEC discovered the security issue on September 8 and disabled access to the files. They were unable to determine whether personal information was accessed or downloaded during the time it was available. Officials say that out of an abundance of caution they are notifying impacted individuals through personal communication and by notifying the media.