Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Texas Comptroller’s Office Left Unencrypted Data of 3.5 Million on Publicly Accessible Server

The Texas Comptroller’s office said today that records containing personally identifying information of about 3.5 million Texans were left exposed on an agency server that was accessible to the public. The records contained the names and mailing addresses of individuals.

The Texas Comptroller’s office said today that records containing personally identifying information of about 3.5 million Texans were left exposed on an agency server that was accessible to the public. The records contained the names and mailing addresses of individuals.

The records also included Social Security numbers, and also contained other information such as dates of birth or driver’s license numbers. The office said that all the numbers were embedded in a chain of numbers and not in separate fields. Despite being required by Texas administrative rules established for agencies, the exposed data was not encrypted. The Comptroller’s office also admitted that internal procedures were not followed, leading to the information being left on the server for a long period of time without being purged as required by internal procedures.

The agency discovered the mistake on March 31, and began to seal off public access to the files as quickly as possible.  leading to the information being placed on a server accessible to the public, and then being left on the server for a long period of time without being purged as required by internal procedures The agency has also contacted the Attorney General’s office to conduct an investigation on the data exposure.

The exposed information was in data transferred by the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS). The TRS data transferred in January 2010 had records of 1.2 million education employees and retirees. The TWC data transferred in April 2010 had records of about 2 million individuals in their system. And the ERS data transferred in May 2010 had records of approximately 281,000 state employees and retirees.

The agency is sending letters beginning Wednesday, April 13, to notify a large number of Texans whose personal information was inadvertently disclosed and has set up an informational website for individuals at www.TXsafeguard.org to provide additional details and recommended steps and resources for protecting identity information. Additionally, beginning tomorrow, Tuesday April 12, a special toll free phone line at 1-855-474-2065 will also be available for individuals to call.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.