Texas comptroller takes blame for major breach
Breach that exposed Social Security numbers of 3.5 million Texans has already led to firing of two IT execs
Computerworld - Days after firing two IT managers after a data breach exposed the Social Security numbers and other personal data of more than 3.5 million Texans, Texas Comptroller Susan Combs took personal responsibility for the incident.
In a statement issued by her office on Thursday, Combs apologized for the debacle and said her office would cover the cost of identity monitoring and restoration services for anyone affected by the breach.
The free credit-monitoring services are available starting today.
"I am deeply sorry this incident occurred and I take full responsibility for it," Combs said in the statement. "This incident has affected the lives of Texans that I have dedicated my life to serving, and I am determined to restore their faith in the Comptroller's office."
Earlier this month, Combs' office disclosed that Social Security numbers, driver's license numbers, and the names and addresses of more than 3.5 million Texas residents had been inadvertently exposed on a publicly accessible website for nearly a year.
The exposed data was included in files sent to the state comptroller's office by the Teacher Retirement System of Texas, the Texas Workforce Commission and the Employees Retirement System of Texas for use in a property verification system. The data was mistakenly sent unencrypted to the comptroller's office.
Following the discovery of the breach, the heads of information security and of innovation and technology at the comptroller's office were fired, and Deloitte Consulting and Gartner were hired to review its security measures and recommend changes.
Combs also said that her office will be implementing a series of additional measures -- including the installation of new data leak prevention software and an enhanced file-transfer system featuring robust encryption capabilities -- to mitigate the chances of a similar incident occurring.
The comptroller's office will also be adding staff, including a new chief privacy officer, and reorganizing internal reporting structures to strengthen security, Combs said. The chief privacy officer will work with the office's CTO, information security officer and internal auditor to shore up privacy practices, she added.
The breach has already cost the comptroller's office more than $1.8 million and could end up costing a whole lot more, according to reports.
So far, the state has spent $1.2 million on sending out notification letters, close to $300,000 for Gartner's and Deloitte's services, and another $393,000 to set up a call center for handling queries from those affected by the breach, according to the Austin American-Statesman's website.
In addition, the website noted that the identity monitoring service being offered by Combs' office could cost up to $21 million if everybody enrolls in it. Combs has stated that she will bear the cost of identity restoration services from her own campaign funds, the publication noted.
Combs' office did not respond to a request for confirmation of the estimated costs listed on Statesman.com.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- Healthcare organizations still too lax on security
- Why would Chinese hackers want US hospital patient data?
- About 4.5M face risk of ID theft after hospital network hacked
- Supervalu breach shows why move to smartcards is long overdue
- Grocery stores in multiple states hit by data breach
- Update: Payment cards with chips aren't perfect, so encrypt everything, experts say
- U.S. agencies halt background checks by contractor after cyberattack
- Five unanswered questions about massive Russian hacker database
- Massive Russian hack has researchers scratching their heads
- Russian hackers amass 1.2B stolen Web credentials
Read more about Security in Computerworld's Security Topic Center.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts