Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Texas Comptroller’s Office Left Unencrypted Data of 3.5 Million on Publicly Accessible Server

The Texas Comptroller’s office said today that records containing personally identifying information of about 3.5 million Texans were left exposed on an agency server that was accessible to the public. The records contained the names and mailing addresses of individuals.

The Texas Comptroller’s office said today that records containing personally identifying information of about 3.5 million Texans were left exposed on an agency server that was accessible to the public. The records contained the names and mailing addresses of individuals.

The records also included Social Security numbers, and also contained other information such as dates of birth or driver’s license numbers. The office said that all the numbers were embedded in a chain of numbers and not in separate fields. Despite being required by Texas administrative rules established for agencies, the exposed data was not encrypted. The Comptroller’s office also admitted that internal procedures were not followed, leading to the information being left on the server for a long period of time without being purged as required by internal procedures.

The agency discovered the mistake on March 31, and began to seal off public access to the files as quickly as possible.  leading to the information being placed on a server accessible to the public, and then being left on the server for a long period of time without being purged as required by internal procedures The agency has also contacted the Attorney General’s office to conduct an investigation on the data exposure.

The exposed information was in data transferred by the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS). The TRS data transferred in January 2010 had records of 1.2 million education employees and retirees. The TWC data transferred in April 2010 had records of about 2 million individuals in their system. And the ERS data transferred in May 2010 had records of approximately 281,000 state employees and retirees.

The agency is sending letters beginning Wednesday, April 13, to notify a large number of Texans whose personal information was inadvertently disclosed and has set up an informational website for individuals at www.TXsafeguard.org to provide additional details and recommended steps and resources for protecting identity information. Additionally, beginning tomorrow, Tuesday April 12, a special toll free phone line at 1-855-474-2065 will also be available for individuals to call.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...