by Christopher Maag

The Texas Comptroller’s Office exposed the personally identifying information of 3.5 million people, exposing them to the risk of identity theft “for a long period of time,” according to a statement released Monday by Comptroller Susan Combs.

The information was unencrypted, and the server was not protected by passwords.

“I deeply regret the exposure of the personal information that occurred and am angry that it happened,” Combs said in a press release.

The exposure happened because of human error after people inside the comptroller’s office failed to follow data security rules, Combs said. The data came from the Teacher Retirement System of Texas, the Texas Workforce Commission and the Employees Retirement System of Texas, and it included names, Social Security numbers, dates of birth and driver’s license numbers.

The agencies did not encrypt the files, as required by Texas state government rules, Combs said. Workers in Combs’ office then placed the files on a server accessible to the public. Someone discovered the mistake on the afternoon of March 31, according to the press release.

The only marginally good news is that the information was recorded in long strings of numbers, instead of separated into distinct fields.

“I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered and was then moved to a secure location,” Combs said in the release. “We take information security very seriously and this type of exposure will not happen again.”

Combs contacted the state attorney general’s office to investigate what went wrong.  On April 13, her office began mailing letters to people whose information was exposed. Combs also said she will work with state legislators on a bill to create chief privacy officers at every state agency, and to create a statewide council on information security.

Related:

The End of Digital Innocence: What Does the Epsilon Breach Mean?

The Church of Identity Theft

Don’t Add Insult to Injury After a Data Breach

Christopher Maag is a freelance journalist for publications including The New York Times, TIME magazine and Popular Mechanics. He graduated with honors from the Columbia University Graduate School of Journalism, and has worked as a staff writer for daily newspapers, monthly magazines, alt weeklies and websites.  Maag writes about people with big dreams set on little stages, including a teenage girl who races jet-powered tractors, and people who make millions of dollars impersonating Barack Obama.

Image: Davide Restivo, via Flickr.com

This article originally appeared on Credit.com.

Leave a Reply