Comment by sehugg

Several maps created to assist the agency with decisions — like where to open new offices and allocate certain resources — were made public through incorrect privacy settings between 2021 and 2025 ... the mapping website was unable to identify who viewed the maps ... implemented a secure map policy that prohibits uploading customer data to public mapping websites.

So a state employee/contractor (doesn't say) uploaded unaggregated customer records to a mapping website hosted on the public internet?