ST. PAUL (AP) - Minnesota's legislative auditor says leaders of the state's new health insurance exchange could have done more to prevent the disclosure of Social Security numbers of about 1,600 insurance agents.

The auditor released its inquiry Thursday into the September data breach by MNsure. The report finds it was unintentional and that the agency responded properly. But it rejects claims from MNsure officials that it was only "an HR issue" that was resolved by firing the responsible employee.

The auditor points out others at MNsure decided to collect Social Security numbers in the first place, only to decide it wasn't necessary after the breach. The audit highlights other decisions it says made the breach possible.

MNsure's executive director says the agency takes the findings seriously and is improving data privacy training.