AOL fires 2 after data breach

NEW YORK -- AOL fired two employees and its chief technology officer left the company after a privacy breach that involved the intentional release of more than 650,000 subscribers' Internet search terms.

AOL had substituted numeric IDs for subscribers' user names, but the search queries contained Social Security numbers, medical conditions, and other data traceable to individuals. The New York Times was able to trace user 4417749 to Thelma Arnold, 62, of Lilburn, Ga.

Maureen Govern, the technology chief, will be replaced on an interim basis by John McKinley, who held that position before becoming AOL's president for digital services. The change takes effect immediately, according to a memo from AOL chief executive Jonathan Miller.

AOL, a unit of Time Warner Inc., apologized two weeks ago for what it termed a mistake made by a company researcher who had failed to properly seek clearances before releasing three months' worth of search data. Though the information was meant for researchers, it was released to a public site and quickly circulated once a blogger discovered it.

The company fired the researcher who released the data and that employee's direct supervisor, who reported to Govern, said a person familiar with the company decisions, who spoke on condition of anonymity.

At least two groups have asked the Federal Trade Commission to investigate. In its complaint, the Electronic Frontier Foundation accused AOL of breaking a promise to protect its subscribers' privacy. AOL said it's creating a task force led by senior executives to review privacy policies and taking other steps.