The Texas Comptroller’s Office exposed the personally identifying information of 3.5 million people, exposing them to the risk of identity theft “for a long period of time,” according to a statement released Monday by Comptroller Susan Combs.
The information was unencrypted, and the server was not protected by passwords.
“I deeply regret the exposure of the personal information that occurred and am angry that it happened,” Combs said in a press release.
The exposure happened because of human error after people inside the comptroller’s office failed to follow data security rules, Combs said. The data came from the Teacher Retirement System of Texas, the Texas Workforce Commission and the Employees Retirement System of Texas, and it included names, Social Security numbers, dates of birth and driver’s license numbers.
[Identity Theft: Free Identity Risk Score and profile from Credit.com]
The agencies did not encrypt the files, as required by Texas state government rules, Combs said. Workers in Combs’ office then placed the files on a server accessible to the public. Someone discovered the mistake on the afternoon of March 31, according to the press release.
The only marginally good news is that the information was recorded in long strings of numbers, instead of separated into distinct fields.
“I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location,” Combs said in the release. “We take information security very seriously and this type of exposure will not happen again.”
Combs contacted the state attorney general’s office to investigate what went wrong. On April 13, her office began mailing letters to people whose information was exposed. Combs also said she will work with state legislators on a bill to create chief privacy officers at every state agency, and to create a statewide council on information security.
[Resource: 12 Tips for Protecting Your Identity]
Image: Davide Restivo, via Flickr.com