State Takes Security Measures After Comptroller Leak

It’s been more than a month since state officials acknowledged millions of Texans’ personal information was publicly available for more than a year. That data was not being stored in compliance with state policy, but state agencies have still moved to tighten security in the wake of the disclosure. The state has taken measures since the leak to make sure something like this doesn’t happen again.

New security measures are being felt even here at KUT. The station is technically a state agency, and UT-Austin has put out new security directives since the breach.

“Basically, around mid-April, we got a notice from campus IT that it was now going to be standard policy for any laptop owned by the university to be encrypted by default,” John Craig with KUT’s Information Technology Department said.

I brought my little laptop to him to get encrypted. That means scrambling the data on the laptop using what’s called a cipher. And the only way to unscramble it is with a password. According to Craig, that means if you can’t generate that cipher using your password, you just can’t get the data.

So I set a password and the encryption began. When it was done, all of my secret radio stories were safe from criminals. Of course, if I was storing sensitive information, what the state calls “Category One” data, that would be safe, too.

“Once this process is finished, the only evidence of it that you’ll see is that you have to use that password when you log in,” Craig said.

At the comptroller’s office, where the data breach occurred, there have been a few changes, too. The breach happened because names, addresses and social security numbers of more than three-million Texans were stored alongside other information that was supposed to be public on one single server. No more.

“What we did was we created two servers,” Comptroller Spokesman RJ DaSilva said. “One for public information and then a second, secure server for the password-protected information.

The comptroller has also commissioned an outside study of their computer security. Results will probably be available sometime in July. The Department of Information Resources, which provides oversight of state computer systems, said it did not have anyone available to talk about security changes. But the state has created an inter-agency committee to set standards for data encryption. A memo from last week outlines a policy that would apply across state government and it wouldn’t cost the state anything.

Back at my laptop, the encryption process is complete and my data is secure. IT guys like Craig are trying to meet a June 20th deadline set by the University to encrypt all laptops. The software is free, but each encryption takes between three and five hours of human power.

“With as many intrusions as we’ve seen in both the public and the private data worlds this year, this is going to become really common,” Craig said.

As the state works to head off costly data breaches, the University may just be the first agency to adopt this kind of encryption policy.

Leave a Comment

three × 9 =

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>