Hacker Exposes Breakwater Beach Employees' Personal Information

Birth certificates, Social Security cards and driver’s licenses of employees at Jenkinson’s Breakwater Beach Waterpark at Casino Pier in Seaside Heights have been exposed by a computer security breach, according to a report.

Bamboozled, the NJ Advance Media consumer assistance column, reports the information -- which also included copies of passports, student IDs, tax forms, seasonal work agreements, minor consent forms and employment eligibility forms from the Department of Homeland Security -- has been easily accessible for an indeterminate length of time.

The employee information was stored on a company web site that apparently wasn’t protected by password entry, and the majority of those affected are seasonal employees, mostly are teenagers or young adults from towns across New Jersey. It included both those who were hired and those who were not in 2014 and 2015, according to the report.

Some were teens who applied for jobs but were never hired. Other employees came from overseas, including some from China, Ireland, Bulgaria, Lithuania and others, records show.

“In a word, ‘Wow,’” said Mitch Feather of Creative Associates, a Madison-based cybersecurity firm after reviewing the web site. “This is a case that everything is here for somebody to do an impersonation.”

Within 15 minutes of talking to Bamboozled, Breakwater Beach shut down the online access to documents.

A company spokeswoman, Maria Mastoris, said the breach involved two URLs that led to the same site.

She said the company has 500 employees in 2015 and there were 499 in 2014, but only 71 were affected. That’s because many employees didn’t upload their files, but instead gave hard copies to the company, she said.

Read more about the breach here.