While news that a retailer or financial services company has had a data breach that put private consumer information at risk is pretty much a monthly occurrence these days, it would seem that the government isn't immune from data loss, either. In this case, however, it's not about theft, but about human error. The comptroller for the State of Texas this week began notifying millions of people that their personal data – including names, addresses and social security numbers – had been posted to a public server, where it was available for as long as a year, in some cases, reported Information Week.

“I deeply regret the exposure of the personal information that occurred and am angry that it happened,” said Texas comptroller Susan Combs in a statement. “I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location. We take information security very seriously and this type of exposure will not happen again.”

A criminal investigation has been launched by both the Texas state attorney general and the FBI. A state spokesperson told The Dallas Morning News that an unspecified number of people were fired after the breach was discovered on March 31, 2011. The breach was reportedly discovered less than two weeks ago when other folders were being scanned in the server.

The 3.5 million breached records include 1.2 million records, posted in January 2010, of education employees and retirees from the Teacher Retirement System of Texas. In addition, 2 million records from the Texas Workforce Commission (TWC), which provides unemployment benefits to Texas residents, were posted in April 2010. Finally, 281,000 records from the Employees Retirement System of Texas, involving state employees and retirees, were posted in May 2010, said InformationWeek.

Data breaches, both accidental and criminal, are becoming more common as more personal information goes online. According to an InformationWeek article from July of last year, the Identity Theft Resource Center (ITRC) recorded 341 individual data breaches during the first six months of 2010, but hundreds more went unreported, said the organization. In addition, for 46 percent of breaches, the number of records potentially affected weren't disclosed, and for 38 percent, no cause was disclosed. The ITRC said that some states now harbor a “protected breach list” that is not made public at all, or is only accessible by exercising the Freedom of Information Act.