Incident & Breach Response , Managed Detection & Response (MDR) , Security Operations

Texas Comptroller Apologizes for Breach

Comptroller Susan Combs Takes Full Responsibility for Security Errors
Texas Comptroller Apologizes for Breach
After firing four employees, including the heads of IT and information security, Texas Comptroller Susan Combs has taken personal responsibility for a security breach that exposed the personal information of some 3.5 million individuals.

"I am deeply sorry this incident occurred and I take full responsibility for it," Combs said in a statement issued late last week. "This incident has affected the lives of Texans that I have dedicated my life to serving, and I am determined to restore their faith in the comptroller's office. That's why we are taking additional actions to assist those who were affected and implementing new policies and procedures to help ensure this never happens again."

Despite her apology, not everyone in Texas is sympathetic. "Saying you are sorry is sometimes not enough," The Dallas Morning News said in an editorial. Especially when you don't get around to saying it until well after the apology was due. Those harmed want strong actions, not words."

Combs knew of the breach for about 10 days before going public on April 11, the paper reported, saying she delayed the initial announcement so her office could get consumer hot lines operational. "Combs should have been out front sooner. This mess put the credibility of her office - and more important, the financial future of millions - on the line," the editorial said.

The personal information that included Social Security numbers and home addresses, in some instances, remained exposed for about a year after unencrypted files from three state agencies were transmitted to a state comptroller server (see Texas Comptroller's Breach Lasted About a Year). The comptroller's office estimated the breach has cost taxpayers at least $1.8 million and four state workers their jobs (see Breach Costs Texas $1.8 Million).

Combs, a Republican, was re-elected virtually unopposed in 2010 to a second term as comptroller of public accounts .

The additional measures Combs unveiled in the apology statement includes the offering of free, one year of credit monitoring and Internet surveillance to those affected by the unauthorized posting of their personal information and identity restoration services for enrollees whose personal information is misused as a result of the data posting, paid for by Combs' campaign fund.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.