Connecticut sues Accenture over Ohio breach

Share this article:

The state of Connecticut is suing IT consulting giant Accenture after sensitive information about state bank accounts and dozens of taxpayers was found to be placed on a backup tape stolen three months ago in Ohio.

Accenture said in a statment that the incident was caused by an employee mistake.

The lawsuit, filed Wednesday in Superior Court in Hartford, accuses Illinois-based Accenture of "illegal negligence, unauthorized use of state property and breach of contract," according to a statement from Connecticut Attorney General Richard Blumenthal.

Blumenthal filed the suit on behalf of state Comptroller Nancy Wyman after Accenture officials alerted her office that the confidential information of 58 state taxpayers, hundreds of state bank accounts and 754 purchasing cards were potentially exposed when thieves stole a backup tape out of an Ohio state intern's car in June.

Both states had contracted Accenture for technology services, but it is unknown how Connecticut data made its way onto the Ohio tape. According to the complaint, Connecticut hired Accenture for $98,000 in 2002 to help the state automate its human resources and financial computer systems.

That agreement contained privacy and confidentiality clauses to ensure sensitive data would be protected, according to the lawsuit. So far, there have no reports that any of the data on the tape – the theft of which also affected some 1.3 million Ohio residents – has been used for fraudulent purposes.

"Transferring this data to Ohio is inexplicable and inexcusable," Blumenthal said in a news release. "Confidential information can have the value of cash – especially in the wrong hands – but Accenture treated it like scrap paper."

A Blumenthal aide today directed requests for comment to the news release.

An Accenture spokesman  today declined to comment on the lawsuit and referred a reporter to the statement, issued by the company late Wednesday.

"Accenture is conducting a review of the Connecticut data security matter and, based on what we know today, we believe our policies were inadvertently not followed," the statement said. "We intend to take appropriate actions with any individuals involved and to reinforce with all of our employees, as we do on a regular basis, the importance of following our privacy and data protection policies."

Wyman said in the release that Accenture, which already has agreed to pay for credit-protection fees for affected people, should be held fully accountable.

Blumenthal said the lawsuit seeks reimbursement for some money already paid to Accenture and future damages.

"We will not tolerate reckless failure to safeguard sensitive data," he said.

Accenture, originally part of the now-defunct accounting firm Arthur Andersen, is the world's largest technology management and consulting company, with some 158,000 employees spanning 49 countries. The New York-based company said in June that it expects net revenues for the fourth quarter of this fiscal year to total up to $5 billion.

Late last year, Accenture and Symantec partnered to create a risk management service.

Share this article:

Sign up to our newsletters

More in News

Latest Citadel trick allows RDP access after malware's removal

Latest Citadel trick allows RDP access after malware's ...

Trusteer, an IBM company, said the new Citadel configuration was detected this month.

Cryptoblocker variant emerges, encryption differs from CryptoLocker

Trend Micro has detected a variant of CryptoLocker in the wild that relies on the advanced encryption standard.

Jimmy John's sandwich chain investigating possible breach

Some financial institutions have indicated that credit cards recently used at Jimmy John's locations have been used to make fraudulent purchases.