The human capital consulting arm of global risk management company AON Corporation has admitted to accidentally leaking identity details of 22,000 former employees of the US State of Delaware.
The leak occurred two weeks ago when AON posted a request for proposal (RFP) on behalf of Delaware's state benefits scheme on its website.
Retirees' dates of birth, gender and social security numbers were included in the document, which was openly available for five days, according to Delware's Office of Budget Management.
The state has sent 22,000 letters to affected customers notifying them of the data breach.
AON clarified that no names were included in the document and has offered to pay for credit monitoring services for affected customers.
Last month Australian shopping centre giant Westfield warned customers that frequent its Bondi Junction centre to be wary of receiving unsolicited emails or phone calls after it leaked their details.
Under Australia's self-regulatory data breach framework, Westfield was not under any obligation to inform its customers of the breach.