April 12, 2011

Texas Comptroller Exposed Private Records

About 3.5 million Texas residents had their personal information mistakenly compromised and posted on public servers controlled by the state comptroller's office and remained there nearly 12 months before the problem was discovered by officials, the state agency said on Monday.

Texas Comptroller Susan Combs said some of the information exposed included Social Security numbers, birthdates and driver's license numbers. She noted there was no indication of misuse of any of the data released.

"I deeply regret the exposure of the personal information that occurred and am angry that it happened," Combs told Reuters in a statement. "I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered, and was then moved to a secure location."

The information exposed came from the Teacher Retirement System of Texas, the Employees Retirement System of Texas, and the Texas Workforce Commission. The Texas Workforce Commission had the largest breach of data, which contains more than 2 million individual records. Data from the Teachers Retirement System includes 1.2 million records, and about 281,000 records from the Employees Retirement System.

The agency said in a statement that it will begin issuing letters on Wednesday to those affected by the exposure.

The data was placed on a server accessible by the public and stayed on that server "for a long period of time" and wasn't discovered until March 31, when the agency began blocking public access to the files, the statement said.

"I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location," Combs said. "We take information security very seriously and this type of exposure will not happen again."

The files were not encrypted as required by Texas administrative rules established for agencies. The issue was discovered when staffers at the agency were doing a security scan on other files. The data files were incorrectly placed on the server, said RJ DeSilva, a spokesman for Combs.

The security breach was ironic because Combs has fought to keep state employees' birth dates private, arguing that releasing them could lead to identity theft. "This will not happen again," Combs vowed.

The Texas Attorney General's office is investigating the matter, said DeSilva


On the Net: