ATLANTA -- 11Alive's Center for Investigative Action went undercover to expose how a state agency that you trust to protect your personal information is putting people at risk for identity theft.
Your private information, available for anyone to see -- tax returns, Social Security numbers, you name it. It may not have been intentional, but it needed to be fixed.
"It was a little disconcerting that my complete tax returns were on the computer," said Michelle Hogan.
Hogan alerted 11Alive News to it, after going to a DDS center in Marietta to get her son's driver's permit. She needed to use the public computer to access her account in order to print out her tax return to prove he was a dependent.
"Tried to delete it and wasn't able to off of the computer," she said.
She told 11Alive that a supervisor wasn't much help either, and that's why she contacted us.
We went in with a hidden camera and discovered all kinds of private and personal information on the computer for all to see.
"We've got pay stub information," said investigative reporter Ross McLaughlin, while looking at the documents file on the public computer. "There's a bank statement here."
How'd you like the whole world to see the $12,000 you've got in your bank account? It was right there just as you walk in the door. We even saw tax returns, Social Security numbers and all!
McLaughlin, along with producer Shawn Hoder, had not trouble finding it.
"What do you think of that?" McLaughlin asked a customer who was using the computer. "You see somebody's personal information is in here?"
"All kinds of it," the man responded, "looks like you can pull any of it up to."
The public computer was made available for customers who forgot the necessary identification documents, required under new Homeland Security rules.
"Of all places that you're supposed to have secure information, you'd think that the DMV would be the place to have it!" Hogan said.
All the sign on the door says is to close the browser. But some information is getting stored. What is supposed to be customer convenience is putting them at risk.
"Do you guys come in and periodically delete this at all?" McLaughlin asked the woman at the information desk.
"I try to delete it once a day," she said.
However, we found all kinds of private information, as much as two weeks old. Jennifer Ireland's pay stub with identifying information was there, and that's how we found her.
"Check that out. You know what that is?" McLaughlin asked.
"Yes. My pay stub," Ireland responded.
"Guess where that is?" McLaughlin replied.
"Where?" she asked.
"Sitting on the computer at the DMV" he said.
"Oh!" Ireland was stunned. "I specifically asked them ..."
She could hardly get the words out. She had asked the DDS folks to delete it.
"Yeah that makes me very unhappy, cause that's all my, I said that's very important information," Ireland said, taking a deep breath.
We found Ankit Patel's cell bill too.
"That makes me feel nervous now," Patel replied.
It wasn't just the Marietta location. We visited another DDS center on Roswell Road in Atlanta and found the sensitive information on another computer for all to use.
All we had to do was ask where the public computer was to look up identification information. They pointed us it, no questions asked.
Lease agreements, private loan information, even a copy of a Social Security card were all easily seen.
"Oh lovely!" responded a supervisor when McLaughlin showed her what was on the computer.
We learned there are 16 public computers at the Department of Driver Services in metro Atlanta and as far away as Columbus, Ga.
"Well they're not supposed to download at all that's the thing. They're not supposed to download anything," the supervisor at Roswell Road location told us.
"Maybe this stuff needs to be deleted," McLaughlin pointed out.
"Yeah," she responded.
"I'm just pointing it out," McLaughlin said.
"Thank you," she replied as she walked back behind the counter.
We pointed out the security risks at the Marietta location too.
"Well that's why we tell you when you exit out of the computer to make sure you exit out of all your information," the information clerk said.
However, the people we talked to didn't even realize they'd downloaded it and it was being stored. All they knew was to close the browser.
"Are you going to clear that bin? That cache?" McLaughlin asked.
"I will. I can't clear it right this minute, 'cause I have a line," she said, walking away.
She told us it would be deleted. However, we when came back the next day to check, it was still there.
"Fix it, oh absolutely!" Ireland demanded.
She and Ankit Patel asked us to delete their information from the computer. We did. It wasn't difficult. In fact, it wouldn't be difficult for DDS to set up a system that would not allow that information to be downloaded or stored at all.
"They need to do it right," Hogan said.
"What do you want us to do?" McLaughlin responded.
"Hold the powerful accountable," she stated.
We did. We sat down with Susan Sports, Public Information Officer for the Georgia Department of Driver Services.
"DDS takes the privacy and security of our customers personal information very seriously and I apologize," Sports said.
She says the public computers were just put in over the last year and she wasn't aware of the problems, until 11Alive brought it to her attention.
"We are, have an action plan and we will ensure that all of the public computers are set up correctly so this won't happen again. So the documents can't be downloaded or saved. We'll also have an additional process in place, where the computers will be checked by management at the close of business every day, to ensure that nothing's left on the computer," Sports said.
"At every computer?" McLaughlin asked.
"Correct," she said.
"And make sure everything's cleared every time another user comes on?" McLaughlin inquired.
"Yes sir," she responded, making a promise to do it in less than a week.
On Friday November, 15, Sports sent us an update and a plan:
Here are the enhancements we are adding this morning (Friday November 15th) to the DDS business center computers available for customer use:
- Desktop Data erased at login
- My Documents data erased at login
- Downloads folder data erased at login
- Recycle Bin bypassed
- Scheduled reboot every day at 8 pm
-Erase data routines runs after 10 minutes of inactivity