Breach Costs Texas $1.8 Million

Comptroller Fires IT and IT Security Heads, Two Other Employees
Breach Costs Texas $1.8 Million
A Texas state comptroller office computer breach that exposed the personal information of 3.5 million individuals has cost taxpayers $1.8 million, with that figure likely to rise, according to a report posted Friday on the website of an Austin newspaper.

In addition, the exposure of personal information of 3.5 million individuals over one year cost four employees their jobs, including the head of IT and information security, the comptroller office said.

Earlier this month, the comptroller office revealed Social Security numbers, names and mailing addresses as well as other information, to varying degrees, such as birth dates and driver's license numbers were left exposed on its computers beginning in January 2010. The breach wasn't discovered until March 31 (see Texas Comptroller's Breach Lasted About a Year).

The state spent $1.2 million to notify those whose personal information was exposed, $393,000 to established a call center to offer assistance and $290,000 to retain two IT consultants - identified by the controller's office as Gartner and Deloitte - to examine the agency's information security policies and procedures, the reported.

The comptroller said data files transferred from three state agencies were not encrypted as required by Texas administrative rules, adding that personnel in the comptroller's office incorrectly allowed exposure of that data. Several internal procedures were not followed, leading to the information being placed on a server accessible to the public, and then being left on the server for a long period of time without being purged as required by internal procedures, the comptroller office said.

The comptroller office said it had negotiated discounts for fraud-related assistance, including credit monitoring, Social Security number protection, Internet surveillance and $10,000 of identity theft insurance with two companies.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.