Texas Data Breach Exposed 3.5 Million Records

Names, addresses, and social security numbers of state retirees and unemployment beneficiaries were posted, unencrypted, on a public server.

(click image for larger view)
Slideshow: 10 Massive Security Breaches
The Texas comptrollers office began notifying millions of people Monday that their personal data had been involved in a data breach. The private data was posted to a public server, where it was available--in some cases--for over a year.
I deeply regret the exposure of the personal information that occurred and am angry that it happened, Texas comptroller Susan Combs said in a statement. I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location. We take information security very seriously and this type of exposure will not happen again.
The states attorney general and the FBI have launched a criminal investigation into the
data breach
. A state spokesperson told
The Dallas Morning News
that an unspecified number of people
were fired
after the breach was discovered on March 31, 2011.
The 3.5 million breached records include 1.2 million records, posted in January 2010, of education employees and retirees from the Teacher Retirement System of Texas. In addition, 2 million records from the Texas Workforce Commission (TWC), which provides unemployment benefits to Texas residents, were posted in April 2010. Finally, 281,000 records from the Employees Retirement System of Texas, involving state employees and retirees, were posted in May 2010.
According to the comptrollers office, the information was required to be transferred per statute by these agencies and used internally at the comptrollers office as part of the unclaimed property verification system. It also said that we have no information at this time that the personal information has been misused in any way.
The posted records included peoples names, mailing addresses, social security numbers, and in some cases also dates of birth and drivers license numbers. According to the comptrollers office, none of the data was encrypted, even though Texas administrative rules require agencies to encrypt all data files containing sensitive information. Furthermore, established security policies governing how information gets released were not followed.
The leak of social security numbers is dangerous, as they can be used by
identity thieves
to open bank accounts, secure lines of credit, and apply for credit cards. Accordingly, most organizations that experience a serious data breach, such as this one, extend free
credit monitoring services
to affected people to help offset the substantial time typically required to clean up any resulting identity theft. To date, Texas has not said it will offer such services to people affected by the comptrollers breach.
Instead, the state has set up an informational website, dubbed
Texas Safeguard
. Starting Tuesday, the state also began offering a toll-free number that people can call for more information, or to find out if they will be receiving a data breach notification letter. As of Tuesday, however, a message on the Web page noted that while the call center was equipped to receive 19,000 calls per day, and would be staffed 24 hours per day for the first week, it was currently receiving high call volumes and might be unavailable.
Perhaps thats not surprising, since based on the volume of potentially compromised records, the call center can only handle inquiries--on a per-day basis--from 0.5% of the people whose personal details were potentially breached.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Texas Data Breach Exposed 3.5 Million Records