Breach Costs Texas $1.8 Million

Comptroller Fires IT and IT Security Heads, Two Other Employees

By , April 22, 2011.
Breach Costs Texas $1.8 Million

A

See Also: Fighting Financial Fraud: Mitigation for Malware, Phishing & DDoS Attacks

Texas state comptroller office computer breach that exposed the personal information of 3.5 million individuals has cost taxpayers $1.8 million, with that figure likely to rise, according to a report posted Friday on the website of an Austin newspaper.

In addition, the exposure of personal information of 3.5 million individuals over one year cost four employees their jobs, including the head of IT and information security, the comptroller office said.

Earlier this month, the comptroller office revealed Social Security numbers, names and mailing addresses as well as other information, to varying degrees, such as birth dates and driver's license numbers were left exposed on its computers beginning in January 2010. The breach wasn't discovered until March 31 (see Texas Comptroller's Breach Lasted About a Year).

The state spent $1.2 million to notify those whose personal information was exposed, $393,000 to established a call center to offer assistance and $290,000 to retain two IT consultants - identified by the controller's office as Gartner and Deloitte - to examine the agency's information security policies and procedures, the Statesman.com reported.

The comptroller said data files transferred from three state agencies were not encrypted as required by Texas administrative rules, adding that personnel in the comptroller's office incorrectly allowed exposure of that data. Several internal procedures were not followed, leading to the information being placed on a server accessible to the public, and then being left on the server for a long period of time without being purged as required by internal procedures, the comptroller office said.

The comptroller office said it had negotiated discounts for fraud-related assistance, including credit monitoring, Social Security number protection, Internet surveillance and $10,000 of identity theft insurance with two companies.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Sony Breach: Studio Cancels Film Release

One day after hackers made a "terror" threat against movie theaters planning to show the upcoming...

Latest Tweets and Mentions

ARTICLE Sony Breach: Studio Cancels Film Release

One day after hackers made a "terror" threat against movie theaters planning to show the upcoming...

The ISMG Network