Wednesday, April 27, 2011

Texas fires two tech chiefs over breach

Computerworld - The Texas State Comptroller's office has fired its
heads of information security and of innovation and technology
following an inadvertent data leak that exposed Social Security
numbers and other personal information on over 3.2 million people in
the state.

Two other employees have also been fired over the incident, a
statement posted on Texas Comptroller Susan Combs' site noted.

The office has hired Gartner and Deloitte to review its existing
information security controls and policies and to recommend any needed
changes. The state has also negotiated a 70% discount on
credit monitoring fees with Experian for affected individuals, the
statement said.

The measures come in the wake of a recent disclosure by Combs' office
that Social Security numbers, driver's license numbers, and names and
addresses of more than 3.2 million Texans were inadvertently posted on
a publicly accessible Web site for nearly a year.

The exposed data was contained in three files that were transferred to
the comptroller's office from the Teacher Retirement System of Texas
(TRS), the Texas Workforce Commission and the Employees Retirement
System of Texas (ERS).

The data, which was to be used by a property verification system at
the Comptroller's office, was supposed to have been transferred in an
encrypted manner by the agencies under Texas administrative rules.
However, the data was transferred in an unencrypted manner to the
Comptroller.

To compound the mistake, personnel in Combs' office then put the
information onto a server that was accessible to the public and left
it there for an extended period, without purging it as required, the
statement said.

The mistake was finally discovered on March 31, more than 10 months
after the files were put on the server. Since then, public access to
the files has been shut off and the data itself has been removed from
the server. The exposed information was "embedded in a chain of numbers
and not in separate fields," the statement noted.

Though Combs' office noted that there is no indication that the
exposed data has been misused, a statement released by state Attorney
General Greg Abbott on Tuesday warned of a fraudulent call received by
a state employee following the breach.

"Unfortunately, the Attorney General's Office has learned that Texans
affected by the Internet security breach may now be the targets of a
new telephone scam," Abbott said. He asked affected victims to be
extra vigilant against fraud.

Abbott's office is currently conducting an investigation into the breach.

The sheer number of records that were exposed by the comptroller's
office makes this the largest breach involving Social Security numbers
and other personal data this year. Despite the size of the breach,
the public firing of technology executives over such incidents is
relatively rare.

In 2008, Providence Home Services fired an employee, and three others
quit their jobs, after the theft of backup computer tapes and disks
containing personal information on 365,000 individuals.
