Susan Combs, Comptroller for the state of Texas, announced a massive data leak that resulted in 3.5 million people’s social security numbers, names, addresses and in some cases their birth date and driver’s license number being exposed.
Unlike private companies who have had large releases of PII (Personally Identifiable Information) recently, the state of Texas is not providing credit monitoring or other services for the victims of their mistake. They are simply providing sage advice…
The Comptroller’s office discovered on the afternoon of March 31st, 2011 that they had inadvertently placed the private information of the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS) on an internet-accessible server.
The data was not encrypted, which is a breach of policy, and several other policy rules within the state designed to protect people’s PII were bypassed as well.
Often when I am talking with people at shows and seminars I ask them if they have an encryption program in place. Nearly always the answer is “Of course! We have deployed encryption to over 80% of our laptops already.”
I then ask about the servers, databases and other critical storage locations of sensitive data and I see a scary look in their eyes… They usually respond with “Oh, that’s OK, that information is all inside of our firewall.”
As we saw with Epsilon and many others before, sensitive data must be protected regardless of the media or location where it is stored.
To learn more about what you can do, download our paper “Protecting PII: Take 8 Steps to Protect”.
At the risk of sounding paranoid, were all these employees members of unions?
We can be paranoid together…I had the exact same question. 🙂
I am one of the 3.5mil. So, to answer your question – no. Not only am I not an employee of the state of Texas or a public servant, I am also not a union member.
Is the State of Texas so naive as to think just providing guidelines will cover up their "mistake"? I work in an Outsourced Call Center and part of that job is to take calls and enroll customers in free Identity protection from leaks like this. It is one of the lead ID Theft protection companies out there. If I were affected I would get that protection and bill Texas for it since it was their mistake in the first place.
Interesting! Had this been a corporation they would have had the State and Federal government all over them and would most likely be looking at fines in the hundreds of thousands if not millions of dollars. Not to mention they would be forced to provide free credit reporting to the compromised individuals for 5 – 10 years and would have regulators crawling throughout their business for the next 15 – 20 years. None of which do I disagree with, but seems like there might be a double standard here.
Of course we do not know the extent of external access to the data or how the faux pas was discovered so my comments could be way off base.
I want to know the name of the top dog responsible and assurance from the state that the imbecile has been fired, without benefit.
I work for the State of Texas and I'm not a Union member. Yesterday we were having system issues and management informed us they were installing a new firewall. A little too late….. Also, they did not explain about the above story in our meeting….
They should be providing monitoring for free and no we are not unionized in Texas. We are just stuck with the stupidity of those who run the system!!
This is huge! Why does she have such a huge smile on her face? If I was running stuff in Texas I would first slap that Joker-like smile off her face then FIRE everyone! Is she aware that San Antonio, TX is claiming to be Cyber City USA? Someone should tell her that this is an EPIC FAIL for the entire state of Texas. There goes their campaign to be tapped as Cyber City USA. They should stop chasing federal paper and pay a Cybersecurity specialist to encrypt their residents’ data. Cheap assholes. If you participate in immoral or unethical behavior you will be exposed and your secrets will be put on the Internet. By remaining complacent about their security posture the state’s residents paid the ultimate price. Now they get to deal with identity theft issues for the rest of their lives. Well done Texas to you my glass rises! NOT!! #EPICFAIL
Joe Black CISSP NSA-4011 CISM Security+
Certified Ethical Hacker