CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 12th, 2011

Data Breach At Texas Comptroller Office, 3.5 Million People Details Publicly Accessible For Over A Year

The Office of the Texas Comptroller is in the process of notifying 3.5 million individuals that their personal information was exposed after being stored on a publicly accessible server. The compromised records contained names, mailing addresses, dates of birth, driver’s license numbers and Social Security numbers, more than enough to fall within the category of protected personally identifiable information (PII).

The data was transferred to the Comptroller’s office by the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS). It was publicly accessible for over a year, from January 2010 until March 21 when the problem was discovered.

“I deeply regret the exposure of the personal information that occurred and am angry that it happened,” Texas Comptroller Susan Combs said. “I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location. We take information security very seriously and this type of exposure will not happen again,” she added.

Several factors contributed to the breach. First, the data was transferred by organizations to the Comptroller’s office in unencrypted form, contrary to the Texas administrative rules established for agencies.

Second, the office’s employees failed to follow several internal procedures, in the first place by allowing the data to be stored in a publicly accessible location and then by not purging it after it served its purpose.

There is currently no evidence to suggest the exposed data was misused, but the Attorney General’s office has been notified and has launched an investigation into the incident. The Comptroller’s office set up a special website with more details about the breach, as well as recommendations for those affected. A toll free phone line was also opened at 1-855-474-2065.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • Ladbrokes Gamblers Database Breached, 4.5 Million Details Are For Sale
  • Private Data Exposed By Hackers In University Of Texas At Dallas
  • Genworth Financial Customer Data Theft
  • Texas National Guard Website Remains Unavailable After Malware Infection
  • Top-Ranked Facebook Applications Transmit Personal IDs, Personal Information To Ad Firms

    • Posted in Breaches And Incidents, Privacy | Print This Post Print This Post

    This entry was posted on Tuesday, April 12th, 2011 at 2:05 pm and is filed under Breaches And Incidents, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Data Breach At Texas Comptroller Office, 3.5 Million People Details Publicly Accessible For Over A Year

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »