Following last week's massive Epsilon e-mail breach, it feels as if all of us suddenly have a little too much personal information floating around online. And now, a large group of Texans are about to have it a lot worse: the state revealed Monday that personal information for 3.5 million citizens has been exposed to the public, including names, addresses, Social Security numbers, and more.

According to Texas State Comptroller Susan Combs, the data wasn't exposed by a hacker or a group of vigilante scriptkiddies—it ended up on a state-controlled public server after having been passed around between various state agencies. The data came from the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas, all of whom transferred the unencrypted data (against state policy) between January and May of 2010. The information was only discovered on the public server on March 31, 2011, meaning it has been available for almost a year.

So far, the state says there's no indication that the data was misused, but that doesn't mean it hasn't or won't be sometime in the future. In addition to the aforementioned personal information, Combs said that other data, like date of birth and driver's license numbers had been exposed "to varying degrees." Additionally, "all the numbers were embedded in a chain of numbers and not in separate fields"—good if only lazy "hackers" accessed the file, but bad because it ensures that the appropriate data is matched with other data from the same person.

Combs emphasized that numerous internal procedures were not followed, and that her office had been in contact with the Texas Attorney General in order to conduct an investigation into the exposure.

"I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location," Combs said in a statement. "We take information security very seriously and this type of exposure will not happen again."

The incident comes almost exactly one week after e-mail marketing vendor Epsilon announced that an unauthorized party had accessed its system on March 30, exposing customer names and e-mail addresses from "a subset of Epsilon clients' customer data." Epsilon's clients are made up of about 2,500 companies, however, including a number of big names like Best Buy, TiVo, Chase, Verizon, Walgreen's, the US College Board, US Bank, Capital One, and numerous others. Only e-mail addresses and names were exposed in Epsilon's case, though—enough to expose people to increased spam and phishing attacks, but probably not much else.

Unfortunately for those whose data was exposed by the state of Texas, it won't just be a matter of beefing up their spam filters or making sure not to click links from unverified parties. The comptroller's office advises that affected individuals should put a fraud alert on their profiles with all the major credit reporting agencies and to carefully monitor all of their accounts for cases of identity theft. (We recommend reading our guide on avoiding identity theft from 2009, which adds a few more precautions for those who want to stay extra safe.) Texans whose data was exposed will be notified by letter, or they can call 1-855-474-2065 starting April 12 to find out early.