The Texas Comptroller’s office said today that records containing personally identifying information of about 3.5 million Texans were left exposed on an agency server that was accessible to the public. The records contained the names and mailing addresses of individuals.
The records also included Social Security numbers, and also contained other information such as dates of birth or driver’s license numbers. The office said that all the numbers were embedded in a chain of numbers and not in separate fields. Despite being required by Texas administrative rules established for agencies, the exposed data was not encrypted. The Comptroller’s office also admitted that internal procedures were not followed, leading to the information being left on the server for a long period of time without being purged as required by internal procedures.
The agency discovered the mistake on March 31, and began to seal off public access to the files as quickly as possible. leading to the information being placed on a server accessible to the public, and then being left on the server for a long period of time without being purged as required by internal procedures The agency has also contacted the Attorney General’s office to conduct an investigation on the data exposure.
The exposed information was in data transferred by the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS). The TRS data transferred in January 2010 had records of 1.2 million education employees and retirees. The TWC data transferred in April 2010 had records of about 2 million individuals in their system. And the ERS data transferred in May 2010 had records of approximately 281,000 state employees and retirees.
The agency is sending letters beginning Wednesday, April 13, to notify a large number of Texans whose personal information was inadvertently disclosed and has set up an informational website for individuals at www.TXsafeguard.org to provide additional details and recommended steps and resources for protecting identity information. Additionally, beginning tomorrow, Tuesday April 12, a special toll free phone line at 1-855-474-2065 will also be available for individuals to call.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 Working on Patch for BIG-IP Flaw That Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
