CINCINNATI — Sensitive personal information of current and former city of Cincinnati employees may be vulnerable as the result of the city “inadvertently” placing it on a city website.

The leak resulted from a request for proposal that was posted for dental and visions services post on a city website. The RFP “inadvertently included participant census data.” 

Those files included personal information and protected health information of prior or current participants in the City’s dental and/or vision programs. Data included names, home address, demographic information, vision and/or dental insurance information, and in some cases, a person’s Social Security number, dental claims information and their date of birth, per the release from the city.

The city said the files didn’t include any credit card information, banking information or medical information such as test results or treatment records.

According to officials, the incident did not affect city employees who didn’t have dental or vision insurance through the city or members of Fraternal Order of Police or the AFSCME labor union. 

The city posted the RFP on April 8 at 4 p.m. They removed April 19 after they discovered the information online, per the city.

”This event wasn’t the result of a cybersecurity breach, and the city has no reason to believe any information was actually compromised or misused,” according to a memo from interim City Manager John Curp. “However, the City is approaching this with an abundance of caution as privacy is of the utmost importance.” 

On Friday, the City of Cincinnati sent letters to employees or former employees of the details related to two years of free credit monitoring services, as well as identity theft coverage.

“Upon learning of this, the City immediately launched an investigation and has taken every step necessary to address the incident,” Curp said in a statement. “The City is committed to providing impacted individuals the resources to protect themselves and their dependents, including credit monitoring and identity theft services.”

A city spokesperson said once discovered, "time was needed to investigate what had occurred. The incident was shared with all City employees a few weeks back while the investigation was underway." 

In its memo, the city recommended affected city employees “remain vigilant for incidents of fraud and identity theft” by reviewing account statements and monitoring free credit reports. They also recommended taking proactive measures, including setting up fraud alerts and security freezes. That information is available through the Federal Trade Commission (FTC) and credit bureaus. 

Curp’s memo said the city is reviewing its policies and processes for RFPs and sensitive information handling, and is implementing additional training from city staff. The city’s health care consultant will also apply additional protocols and training regarding information sharing practices, the memo said. 

The city reported the matter to the Department of Health and Human Services. 

No one will receive a call or email from the city about this matter, according to Curp’s memo.

The city advised current and former employees to be on the lookout for potential scam email campaigns or phone calls that may target current and former city employees. 

Guidance on recognizing scam emails is available on the FTC website. 

Anyone affected or who wants further information about this matter should contact the city’s benefits call center at 833-570-2110 Monday through Friday from 8 a.m. to 5 p.m.