The Texas Comptroller’s Office computer security breach was not an intrusion attack in itself; it was human error. The breach included names, addresses and Social Security numbers of all those on the list. In some cases, dates of birth and driver’s license numbers were also listed. This Texas breach follows last week’s Epsilon’s, Irving, Texas, breach of names and email addresses. In the Epsilon breach, the company paid for the credit monitoring services of affected clients. In the Texas Comptroller’s Office breach, no such services are provided. Affected citizens can use the free alert services of the credit reporting companies. Users are covered for 90 days free of charge, and then have to subscribe to paying services.
We know from experience that seasoned identity theft criminals wait for months to take advantage of this type of human errors, for two reasons, first, to give the public time to forget about the breach event and second, that hackers know that they are being under surveillance and will be detected if they use the data at this time. The statement from a Texas State Comptroller Susan Combs aid that “There is no indication the personal information was misused” is true, but it is not an assurance that users will not be victimized in the future using the compromised data.
Update August 3, 2011
In response to a massive data breach unveiled this spring, the Texas Comptroller’s Office has hired its first-ever chief privacy officer and first-ever chief information security officer. Elizabeth Rogers has filled the new role of chief privacy officer.