Connecticut Governor Rell Mobilizes Statewide Response To Information Security Breach
By newsdesk - Posted on September 18th, 2007
Monitoring Activities Heightened, Agency Heads, Bank CEO’s Briefed, Emergency Meeting of Core-CT Project Scheduled for Wednesday
September 17, 2007 -- Connecticut Governor M. Jodi Rell today launched a statewide mobilization of state agency heads, financial officers, and bank executives in response to the theft of a backup computer tape containing virtually all state agency bank account numbers, bank names and types of accounts as well as the names and social security numbers of dozens of Connecticut taxpayers.
The tape was stolen in Ohio in June and contained data removed by Accenture from the State’s Core-CT computer system, which performs all the State’s payroll, personnel, purchasing, accounting, inventory and other functions. Accenture, the consultant that developed the Core-CT system, was developing a similar government information system in Ohio.
“My single greatest concern today, apart from the security of payer information, is for the security of our State’s banking information and financial transactions,” Governor Rell continued. “Today my staff has been working with all state agencies to determine which of the accounts on the stolen data tape are still active, whether there has been any improper activity, and what needs to be done to protect those accounts so the stolen data can never be used to access them.”
“These accounts contain millions of taxpayer dollars and they must be protected from even the slightest risk of fraud or abuse.”
Actions taking place today include alerts to state agency heads, financial officers and bank chief executive officers; an emergency meeting of state agency commissioners to review the breach and discuss additional information security measures ordered by Governor Rell; a letter to Accenture, with questions on what additional State data they are in possession of and what other states they may have shared that information with; and the scheduling of an emergency Core-CT meeting to review and revise the State’s contract with Accenture so as to explicitly prohibit the sharing of Connecticut –specific information.
More specifically, at Governor Rell’s direction:
• The Department of Information Technology (DOIT) provided the Department of Administrative Services (DAS) with the list of stolen agency bank account and purchasing card numbers based on their analysis of the stolen data tape conducted over the weekend.
• DAS contacted the Chief Fiscal Officers at each affected agency to determine which accounts on the stolen tape remain active and to ascertain whether any accounts had been improperly accessed. Agencies were also advised of the Governor’s order to heighten their monitoring activities and were asked to confirm compliance with Governor Rell’s order that that all agency purchasing cards listed on the stolen data be cancelled and replaced.
• Letters were sent alerting chief executive officers of banks holding State accounts asking them to be extra vigilant relative to possible unauthorized activity relating to these accounts.
• A letter was sent to Accenture demanding prompt answers as to whether Accenture had any additional State of Connecticut data, and whether or not that data had been used by Accenture in any form – on-site or within Accenture offices – in the development of any product other than the OAKS project in Ohio.
• An emergency meeting of the Core-CT steering committee was scheduled for Wednesday, September 19, to review and draft changes to the State contract with Accenture so as to prohibit any use of Connecticut data. The meeting was called by Office of Policy and Management (OPM) Secretary Robert Genuario. The Steering Committee is chaired by Comptroller Nancy Wyman and also includes the Commissioner of DAS and DOIT.
• A mandatory meeting of all agency commissioners was held in the Governor’s Office this afternoon to provide a status report on the state financial data breach and corrective actions, to reiterate the new statewide security policy governing laptop and mobile computing devices; and to update agencies on the acceleration of the selection and deployment of enterprise encryption tools for use by state agencies.
Source: Connecticut Governor
Related articles
- 2008-05-26: Connecticut Governor Rell Directs Consumer Protection to Send Additional Subpoenas in Data Theft Case
- 2007-09-18: Connecticut Governor Rell Mobilizes Statewide Response To Information Security Breach
- 2007-09-17: Connecticut Governor Rell Says Review of Data Lost in Ohio Shows ‘Unfathomable’ Breach of Information Security
- 2008-03-31: Connecticut Governor Rell Convenes Statewide Conference on School Safety
- 2008-01-25: Connecticut Governor Rell Announces $5 Million to Improve School Security
- 2007-12-03: Connecticut Governor Rell Applauds New System to Monitor State’s Dams
- 2007-09-25: Connecticut Governor Rell Details Steps to Safeguard Residents, Reduce Public Risk from Violent Offenders
- 2007-09-20: Connecticut AG, Comptroller Sue Accenture Over Loss, Misuse Of Confidential Taxpayer, State Bank Account Information
- 2007-09-19: Connecticut Governor Rell Announces Kickoff of $10 Million School Security Competitive Grant Program
- 2007-09-18: Connecticut AG Praises Comptroller For Providing Free, Extensive Credit Protection After Data Breach
- 2007-09-06: Connecticut Governor Rell: Connecticut First in Nation to Connect First Responders Statewide
- 2007-08-31: Connecticut Governor Rell Orders New Controls On Laptop Security
