It's becoming a story so commonplace we're liable to ignore it: People's sensitive private data gets posted on a public website.

Yet every time it happens, there's a very real threat of identity theft, costing potentially thousands of dollars and countless hours to remedy. OhMyGov's Lost and Found map has been tracking stolen, misplaced, and mishandled government property and data for several months now. The amount of mishandled data is staggering, up 69% over last year according to the Identity Theft Resource Center.  

The Washington D.C. Metro agency is the latest culprit. For 16 days in June, the Social Security numbers of 4,700 Metro employees were posted in a  document available to the public on Metro's website. The sensitive information was included in a solicitation by Metro to companies for providing for workers' compensation and risk management services.

Clearly help is needed in the risk management arena -- like avoiding needless ones.  

Metro has disciplined three employees for the breach, the Washington Post reported, and is providing free credit reports, counseling, and $25,000 of identity theft insurance to those affected.

"We deeply regret this incident, and believe the likelihood of misuse of the information is low," Metro Chief Safety Officer Ronald Keele said in a statement.

The incident comes just a week after a Metro manager was charged with operating a prostitution ring from the Dupont Circle station.