State of Texas exposes data on 3.5 million people

Susan CombsSusan Combs, Comptroller for the state of Texas announced a massive data leak that resulted in 3.5 million people’s social security numbers, names, addresses and in some cases their birth date and drivers license number being exposed.

Unlike private companies who have had large releases of PII (Personally Identifiable Information) recently, the state of Texas is not providing credit monitoring or other services for the victims of their mistake. They are simply providing sage advice

The Comptroller’s office discovered on the afternoon of March 31st, 2011 that they had inadvertently placed the private information of the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS) on an internet accessible server.

The data was not encrypted, which is a breach of policy, as well and having bypassed several other policy rules within the state designed to protect people’s PII.

Encryption ScrabbleOften when I am talking with people at shows and seminars I ask them if they have an encryption program in place. Nearly always the answer is “Of course! We have deployed encryption to over 80% of our laptops already.”

I then ask about the servers, databases and other critical storage locations of sensitive data and I see a scary look in their eyes… They usually respond with “Oh, that’s OK, that information is all inside of our firewall.”

As we saw with Epsilon and many others before is that sensitive data must be protected regardless of the media or location it is stored.

To learn more about what you can do, download our paper “Protecting PII: Take 8 Steps to Protect“.