“On Nov. 10, 2015, while in the process of preparing a limited number of DVDs for secure destruction, RITA discovered that one DVD case was empty and the DVD missing,” the statement said.
An investigation revealed that the DVD was part of a former system back-up process and contained copies of income tax documents submitted on or before June of 2012.
It might have contained names, addresses, Social Security numbers, and dates of birth of approximately 50,000 individuals statewide.
That represents about two percent of the tax accounts handled by RITA, the organization said.
RITA collects and administers income taxes for municipalities in Ohio who don’t want to staff their own tax department.
In Clark County, Catawba, South Charleston and Tremont City are members. In Champaign County, RITA collects income tax for the villages of Mechanicsburg, Woodstock, St. Paris and North Lewisburg.
Larger cities like Bellefontaine and Fairborn also use the service.
All member municipalities were notified of the incident on Dec. 31, according to Amy Arrighi, chief legal counsel for RITA. The agency has also sent individual letters to everyone whose information may have been exposed.
They are offering free credit monitoring and identity protection services to those individuals through Experian.
No Catawba residents were affected, according to RITA, but letters were sent to fewer than 50 people each in Mechanicsburg, North Lewisburg, St. Paris and South Charleston.
Fewer than 10 people were possibly affected in Tremont City and Woodstock, Arrighi said.
The largest group sent letters in the area was in Fairborn, where RITA said up to 650 people might be affected.
Bellefontaine Mayor Ben Stahler said the city looked into the issue after being notified and was told by its RITA representative that the agency is confident the DVD was actually destroyed, but it had to send out notifications since they couldn’t be 100 percent sure.
“They have to treat it as if it might have been exposed,” Stahler said. “We didn’t lose any confidence because of this story… I do think they handled it right.”
In a question and answer section on its website, RITA said its policy when an unlabeled DVD is found is to destroy it by shredding. The agency believes that is likely what happened when this DVD became separated from its case.
The DVDs were being disposed of because the agency was moving to an improved data backup system, which should prevent any future incidents of this nature.
“We discovered the DVD was missing because we had already changed our backup system to a more secure process. This new process no longer requires the use of DVDs to backup this type of data,” RITA’s statement said.
Leaders in South Charleston, North Lewisburg and Bellefontaine all said they have not had any residents contact them about the possible breach. St. Paris and Catawba government representatives both said they weren’t aware of receiving any notification.
Most local municipalities reached about the incident said they were not provided with a number of local residents that may have been affected.
Bellefontaine only joined RITA recently so no tax returns from the city would have been on that DVD, but RITA informed them that one person who previously lived elsewhere and now resides in the city is on the list of individuals impacted.
North Lewisburg discussed the notice at a January council meeting and has worked to make is residents aware by posting it, Administrator Andy Yoder said.
“RITA’s been really good for the village,” he said. “There have been a lot of big companies that have had data (breaches) bigger than this.”
About the Author