Texas Comptroller takes blame for major breach

Breach that exposed social security numbers of 3.5 million Texans has already led to firing of two IT execs

Days after firing two IT managers after a data breach exposed the Social Security numbers and other personal data of over 3.5 million Texans, Texas Comptroller Susan Combs took personal responsibility for the incident.

In a statement issued by her office on Thursday, Combs apologized for the debacle and said her office would cover the cost of identity monitoring and restoration services for anyone affected by the breach.

The free credit monitoring services are available starting today.

"I am deeply sorry this incident occurred and I take full responsibility for it," Combs said in the statement. "This incident has affected the lives of Texans that I have dedicated my life to serving, and I am determined to restore their faith in the Comptroller's office."

Earlier this month, Combs' office disclosed that Social Security numbers, driver's license numbers, and names and addresses of more than 3.5 million Texas residents had been inadvertently exposed on a publicly accessible Web site for nearly a year.

The exposed data was included in files sent to the State Comptroller's office by the Teacher Retirement System (TRS) of Texas, the Texas Workforce Commission and the Employees Retirement System of Texas (ERS) for use in a property verification system. The data was mistakenly sent unencrypted to the Comptroller's office.

Following the discovery of the breach, the heads of information security and of innovation and technology at the Comtroller's office were fired, and consulting firm Deloitte and Gartner was hired to review its security measures and recommend changes.

Combs also said that her office will be implementing a series of additional measures -- including the installation of new data leak prevention software and an enhanced file transfer system featuring robust encryption capabilities -- to mitigate the chances of a similar incident.

The Comptroller's office will also be adding staff, including a new chief privacy officer, and reorganizing internal reporting structures to strengthen security, she said. The chief privacy officer will work with the office's CTO, information security officer and internal auditor to shore up privacy practices, Combs added.

The breach has already cost the Comptroller's office more than $1.8 million and could end up costing a a whole lot more, according to reports.

So far, the state has spent $1.2 million on sending out notification letters, close to $300,000 for Gartner and Deloitte's services and another $393,000 to set up a call center for handling queries from those affected by the breach, according to The Austin American-Statesman's statesman.com Web site.

In addition, the Web site noted that the identity monitoring service being offered by Combs' office could cost up to $21 million if everybody enrolled in it. Combs has stated that she will bear the cost of identity restoration services from her own campaign funds, the publication noted.

Combs' office did not respond to a request to confirm the estimated costs listed on statesman.com.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacy

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld (US)
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?