Austin – The records of about 3.5 million people, including Social Security numbers, were erroneously placed on a public computer server at the Texas Comptroller’s Office and remained there for about a year until officials discovered the mistake less than two weeks ago, the agency acknowledged today.
“I deeply regret the exposure of the personal information that occurred and am angry that it happened,” said Texas Comptroller Susan Combs, the state's chief financial officer. “I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location.
“We take information security very seriously, and this type of exposure will not happen again,” Combs said. She said there was no indication that the personal information was misused.
Allen Spelce, the department's chief communications officer, said it appeared to be the largest-ever unauthorized release of public information by a state agency. The officials responsible for the mistake were dismissed this morning, Spelce said. He declined to specify the number of those involved.
The records included the names and mailing addresses of individuals, as well as Social Security numbers, said officials. To varying degrees, the material released personal information such as dates of birth or driver's license numbers.
The information was in data transferred by the Teacher Retirement System of Texas (TRS), the Texas Workforce Commission (TWC) and the Employees Retirement System of Texas (ERS).
The TRS data transferred in January 2010 had records of 1.2 million education employees and retirees, the comptroller's office said in a news release detailing the error. The TWC data transferred in April 2010 had records of about 2 million individuals in their system. And the ERS data transferred in May 2010 had records of approximately 281,000 state employees and retirees, the comptroller said.
Comptroller officials said in a news release that the data files transferred by those agencies were not encrypted as required by Texas administrative rules established for agencies, the comptroller's office said. In addition to that, personnel in the comptroller's office incorrectly allowed exposure of that data, the agency said.
Comptroller officials said they discovered the mistake the afternoon of March 31 and began to seal off public access to the files. The attorney general's office is conducting an investigation on the data exposure and is working with them.
The information was required to be transferred per statute by these agencies and used internally at the comptroller's office as part of the unclaimed property verification system.
The agency has set up an informational website for individuals at www.TXsafeguard.org to provide additional details and recommended steps and resources for protecting identity information.
A special toll-free phone line – 855- 474-2065 – will also be available for individuals to call beginning Tuesday. People will be able to check if they are receiving a notification letter by calling that toll-free phone line.
Dave Montgomery, 512-476-4294