A database leak in Mesa County, Colorado has left the personal information of 200,000 people in jeopardy. And not just any 200,000 people—these are suspects, victims, and informants working with the sheriff's department to out other criminals. The incident has left the sheriff's department scrambling to find out who might have accessed the information—and whether it's now posted elsewhere on the Internet.

The leak started flowing when a county IT employee who had legal access to the database copied it to another server in April of this year. According to the Associated Press, the employee had copied over the database in the form of a giant text file with everyone's information available in plaintext, assuming that the target server was secure.

The sheriff's department wasn't even aware that the server was apparently not secure until late November, when one of those named in the list discovered his or her information floating around online. Since then, authorities determined that the info was first accessed by others (both inside and outside the US) in late October, continuing on until the file was removed a month later.

News broke in November that the leak had occurred, but only now has it come out that the file contained names, phone numbers, addresses, and Social Security numbers of numerous individuals associated with criminal investigations. The list includes not only victims, suspects, and informants, but also holds information about county employees and unspecified "information" from the US Drug Enforcement Administration.

Police, along with the FBI and Google (apparently thanks to Google's Web crawler, which indexed the data), are now working to figure out who could be in jeopardy thanks to the leak. "[W]e're talking about people's personal safety," Sheriff Stan Hilkey told the AP.

No kidding. Informants in particular are in danger if others find out they've been talking to the police, not to mention victims who are now at risk for further abuse. Suspects may also take the opportunity to conveniently disappear after discovering that they were being investigated.

This kind of data leak—the kind that occurs as a result of employee actions and not outside "hackers"—is surprisingly common. State employees (and the IRS) seem to always be losing laptops that contain personal information about citizens, and the military recently enacted (another) ban on external disks accessing the network in order to prevent another WikiLeaks bomb from going off.

Security experts warned in the past that employees tend to be the greatest threat to company security—a lesson that the Mesa County sheriff's department has now learned the hard way.

Listing image by Lance Kidwell / Free Images