One of the state's largest agencies might have put thousands of its employees in danger of having their identities stolen, according to a new report.

The Illinois auditor general's office said Tuesday that the Illinois Department of Transportation broke state law by failing to adequately store and dispose of sensitive employee records.

The discovery came during a routine audit of the agency last year when auditors walked through IDOT's main office in Springfield and noticed confidential, personal and sensitive information in recycling bins.

Included in the open containers were payroll reports including names and Social Security numbers, time sheets and home addresses.

"We found the department's procedures for properly disposing of confidential information were not adequate and not always enforced," auditors said.

The $2.1 billion agency employs more than 5,500 workers across the state.

In a response, IDOT officials agreed to improve security measures when it comes to disposing and storing sensitive personnel documents.

Agency spokesman Mike Claffey said the agency sent out memos and purchased locking recycling bins. In addition, IDOT assigned special identifying numbers to each employee to be used instead of Social Security numbers.

And, visitors to the agency's main offices in Springfield now must have escorts when they are in the building.

"It is a top priority. We have been dealing with it very aggressively," Claffey said.

Claffey said there are no known instances of identity theft in connection with the problem.