Connecticut sues Accenture over Ohio breach

Share this article:

The state of Connecticut is suing IT consulting giant Accenture after sensitive information about state bank accounts and dozens of taxpayers was found to be placed on a backup tape stolen three months ago in Ohio.

Accenture said in a statment that the incident was caused by an employee mistake.

The lawsuit, filed Wednesday in Superior Court in Hartford, accuses Illinois-based Accenture of "illegal negligence, unauthorized use of state property and breach of contract," according to a statement from Connecticut Attorney General Richard Blumenthal.

Blumenthal filed the suit on behalf of state Comptroller Nancy Wyman after Accenture officials alerted her office that the confidential information of 58 state taxpayers, hundreds of state bank accounts and 754 purchasing cards were potentially exposed when thieves stole a backup tape out of an Ohio state intern's car in June.

Both states had contracted Accenture for technology services, but it is unknown how Connecticut data made its way onto the Ohio tape. According to the complaint, Connecticut hired Accenture for $98,000 in 2002 to help the state automate its human resources and financial computer systems.

That agreement contained privacy and confidentiality clauses to ensure sensitive data would be protected, according to the lawsuit. So far, there have no reports that any of the data on the tape – the theft of which also affected some 1.3 million Ohio residents – has been used for fraudulent purposes.

"Transferring this data to Ohio is inexplicable and inexcusable," Blumenthal said in a news release. "Confidential information can have the value of cash – especially in the wrong hands – but Accenture treated it like scrap paper."

A Blumenthal aide today directed requests for comment to the news release.

An Accenture spokesman  today declined to comment on the lawsuit and referred a reporter to the statement, issued by the company late Wednesday.

"Accenture is conducting a review of the Connecticut data security matter and, based on what we know today, we believe our policies were inadvertently not followed," the statement said. "We intend to take appropriate actions with any individuals involved and to reinforce with all of our employees, as we do on a regular basis, the importance of following our privacy and data protection policies."

Wyman said in the release that Accenture, which already has agreed to pay for credit-protection fees for affected people, should be held fully accountable.

Blumenthal said the lawsuit seeks reimbursement for some money already paid to Accenture and future damages.

"We will not tolerate reckless failure to safeguard sensitive data," he said.

Accenture, originally part of the now-defunct accounting firm Arthur Andersen, is the world's largest technology management and consulting company, with some 158,000 employees spanning 49 countries. The New York-based company said in June that it expects net revenues for the fourth quarter of this fiscal year to total up to $5 billion.

Late last year, Accenture and Symantec partnered to create a risk management service.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.