Since the breach — which exposed personal data of approximately 3.5 million people in Texas on a publicly accessible website — was announced March 31, the state has racked up $1.2 million in costs for letters sent to those affected. An additional $393,000 was spent to set up a call center for assistance, and it cost $290,000 to hire consultants Deloitte Consulting and Gartner.
Deloitte was brought on board to confirm that no other confidential data was exposed during the breach, while Gartner will provide an IT security risk assessment of the Comptroller’s Office.
“I and other Texans whose personal data was potentially exposed need to feel confident that an incident like this will never happen again,” Texas Comptroller Susan Combs said in a statement. “We will follow our consultants’ advice and do everything in our power to ensure that information entrusted to state government is secure.”
The information was erroneously made available to the public in data transferred by the Teacher Retirement System of Texas in January 2010, the Texas Workforce Commission in April 2010 and the Employees Retirement System of Texas in May 2010. The data files weren’t encrypted as required by Texas administrative rules, and other internal procedures weren’t followed, leading to the breach.
Once the records were discovered, they were moved to a secure location, according to a news release issued by Combs’ office. Four employees were axed from the Comptroller’s Office, including the head of Innovation and Technology and the head of Information Security.
The Texas Comptroller’s Office also set up a website — www.TXsafeguard.org — for information related to the breach and the aforementioned call center can be reached at (855) 474-2065. Credit monitoring is also available for affected personnel at a discounted rate through Experian.
Messages from Government Technology to multiple officials in the Texas Comptroller’s Office and to Gartner seeking comment on the consultants’ roles and mitigation efforts weren’t immediately returned.