The Pennsylvania Department of Corrections has notified state prison personnel of a possible security breach.
The DOC sent letters to employees, inmates and others stating that personal information may have been compromised through a third-party vendor, a Monday news release said. The vendor, identified as Accreditation, Audit and Risk Management Security LLS (AARMS), “provides an online system for the DOC to conduct, manage and track audits and inspections related to its accreditation and internal operations.”
AARMS lists its contact in Midway, Utah, according to its website, and states it provides government agencies a “comprehensive, affordable, state-of-the-art online system to manage audits, inspection and corrective action.”
The compromise occurred on April 3, the DOC said, adding that it was notified of the incident on April 9 by AARMS. The company reported that its system was accessed without authorization and “a portion of the data on that system was exported.”
Its unknown exactly what the contents of the data is, DOC said, but may include full names, driver’s license numbers, home addresses, Social Security numbers and medical information.
The DOC’s data was removed from the AARMS server immediately following the incident, the release said.
“Upon learning of this security incident, the Department of Corrections moved quickly to limit any potential harm to individuals and made contact with the authorities,” corrections secretary John Wetzel said in the release. The DOC has since contacted the authorities, including the Federal Bureau of Investigations, to obtain further information.
The DOC is not aware of any misuse of any individual’s information, the release said, and will be offering credit monitoring and protection for one year at no cost to all potentially affected individuals.
Two state prisons sit in Centre County, Rockview and Benner, both of which are in Benner Township. A representative at either prison could not be reached at the time of publication.