Offshore outsourcing cited in Florida data leak
State employees are being warned that their personal data may have been compromised
IDG News Service - Florida state employees are being warned that their personal information may have been compromised after work on the state's People First payroll and human resources system was improperly subcontracted to a company in India.
Employees who worked for the state during the 18-month period between Jan. 1, 2003, and June 30, 2004, may be affected, according to an e-mail message sent to all state employees on March 16. The state's Department of Management Services (DMS), which oversees the People First system, estimates that 108,000 current and former state employees may be affected by the data breach, although that estimate could change as the department's investigation into the matter continues.
The e-mail was sent after a subcontractor of outsourcing service provider Convergys Corp. improperly allowed subcontractors in India to index state personnel files, said DMS spokeswoman Tiffany Koenigkramer. The offshoring was done as part of Convergys's nine-year, $350 million contract to manage the state's personnel work.
Convergys had subcontracted the indexing work to GDXdata Inc., in Denver, which itself turned to a subcontractor in India, a violation of the GDXdata contract with Convergys, the DMS said. Convergys has since cancelled its contract with GDXdata, the agency said.
Convergys said the offshore work was done without its knowledge. "Convergys was misled by GDX, one of several subcontractors hired to perform work for the state of Florida," the company said in a statement.
The offshore work was made public in late December, when documents were unsealed in a "whistle-blower" lawsuit brought against GDXdata by two former employees.
The DMS is investigating the matter, but it has so far detected "no known cases of credit fraud or identity fraud that resulted from this work," Koenigkramer said.
"It is common today for businesses and even government to use offshore companies," the DMS March 16 e-mail states. "However, the use of offshore services in this case was inappropriate and unacceptable."
Convergys and the DMS expect to provide affected employees with a credit-protection plan this week, Koenigkramer said.
That is not enough for one of the state's public-employee unions, which is calling for an end to the Convergys deal and saying that the People First system has been mismanaged. "We want this thing killed," said Doug Martin, communications director at the American Federation of State, County and Municipal Employees, Council 79. "This is a joke, and the sad thing is, we're paying for it."
State Sen. Walter "Skip" Campbell, a Democrat who would also like to see the contract pulled, called the outsourcing a "critical security breach," in part because it inappropriately exposed sensitive information about the state's law enforcement agents. "We don't know how far the dissemination of this information has gone," he said.
Based in Cincinnati, Convergys is a provider of billing, customer service and human resources outsourcing services. It reported $2.5 billion in revenue last year, according to the company's Web site.
A spokeswoman for GDXdata declined to comment for this story.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!