Texas fires two tech chiefs over breach
Data of 3.2M people was inadvertently posted on a publicly accessible Web site
Computerworld - The Texas State Comptroller's office has fired its heads of information security and of innovation and technology following an inadvertent data leak that exposed Social Security numbers and other personal information on over 3.2 million people in the state.
Two other employees have also been fired over the incident, a statement posted on Texas Comptroller Susan Combs' site noted.
The office has hired Gartner and Deloitte to review its existing information security controls and policies and to recommend any needed changes. In addition, the state has also negotiated a 70% discount on credit monitoring fees with Experian for affected individuals, the statement said.
The measures come in the wake of a recent disclosure by Combs' office that Social Security numbers, driver's license numbers, and names and addresses of more than 3.2 million Texans were inadvertently posted on a publicly accessible Web site for nearly a year.
The exposed data was contained in three files that were transferred to the comptroller's office from the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission and the Employees Retirement System of Texas (ERS).
The data, which was to be used by a property verification system at the Comptroller's office, was supposed to have been transferred in an encrypted manner by the agencies under Texas administrative rules. However, the data was transferred in an unencrypted manner to the Comptroller.
To compound the mistake, personnel in Combs' office then put the information onto a server that was accessible to the public and left it there for an extended period, without purging it as required, the statement said.
The mistake was finally discovered on March 31, more than 10 months after the files were put on the server. Since then, public access to the files have been shut off and the data itself been removed from the server. The exposed information was "embedded in a chain of numbers and not in separate fields," the statement noted.
Though Combs' office noted that there is no indication that the exposed data has been misused, a statement released by state Attorney General Greg Abbott on Tuesday warned of a fraudulent call received by a state employee following the breach.
"Unfortunately, the Attorney General's Office has learned that Texans affected by the Internet security breach may now be the targets of a new telephone scam," Abbott said. He asked affected victims to be extra vigilant against fraud.
Abbott's office is currently conducting an investigation into the breach.
The sheer number of records that were exposed by the comptroller's office makes this the largest breach involving Social Security numbers and other personal data, this year. Despite the size of the breach, the public firing of technology executives over such incidents are relatively rare.
In 2008, Providence Home Services fired an employee and three others quit their jobs, after the theft of backup computer tapes and disk containing personal information on 365,000 individuals.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Hackers steal user data from the European Central Bank website, demand money
- Arrests made after international cyber-ring targets StubHub
- SQL injection flaw opens door for Wall Street Journal database hack
- Goodwill Industries probes possible payment card breach
- Aloha point-of-sale terminal, sold on eBay, yields security surprises
- The biggest data breaches of 2014 (so far)
- Blue Shield discloses 18,000 doctors' Social Security numbers
- PF Chang's says breach was 'highly sophisticated criminal operation'
- Breaches exposed 1 in 7 US debit cards in 2013
- New malware program targets banking data
Read more about Data Security in Computerworld's Data Security Topic Center.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- A More Predictable Way to Budget Software Costs Wavetronix enables creative collaboration while cost-effectively accessing all the latest tools with Adobe Creative Cloud for teams. For Wavetronix, collaboration was easy when...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface. All Data Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!