Connecticut state government bank account info on lost Ohio tape

In the data breach that seems to grow in severity by the day, Connecticut Gov. M. Jodi Rell announced Sunday that nearly all state government bank account data was stored on a backup computer tape stolen in June from a college intern's car in Ohio.

Calling the development an "unfathomable violation of information security," Rell said in a news release that the information included potentially billions of dollars worth of checking, money market, time deposit, savings, trust fund, treasury and certificates of deposit information. The tape also included sensitive data on 57 Connecticut residents.

An employee of Accenture, a third-party consultant, accidentally transferred the Connecticut information onto the Ohio tape, according to published reports. Accenture manages computer systems for both states.

Company spokesman Peter Soh declined to discuss the incident other than to say, "We're working with the state of Connecticut to address the issue."

The breach touched off a feud between Rell, a Republican, and state Comptroller Nancy Wyman and state Attorney General Richard Blumenthal. Rell said she was confused as to why Wyman and Blumenthal, both Democrats, did not notify her office about the scope of the data-loss incident.

"The depth and breadth of the bank account data breached is shocking," she said. "In essence, the state's banking information has been laid bare."

A Blumenthal aide referred calls for comment to Wyman's office. Deputy Comptroller Mark Ojakian told SCMagazine.com on Tuesday that the governor's office was first notified about the breach in a letter sent Sept. 10. The office was again alerted in a Sept. 14 letter that contained updated information about the incident.

"I don't understand why the governor felt the need, after all the remedies had been in place, to issue her press release on Sunday," he said. "I'm quite surprised by the governor's reaction to this."

The Ohio tape was not encrypted, but officials have said they do not believe thieves can access the data without specialized knowledge or equipment. No incidents of fraud have been reported.

The tape was stolen either June 10 or 11 when an intern, charged with bringing the data home for safekeeping, left it in a parked car. A state policy written in 2001 called for a network administrator to take home a copy of the backup tape each night.

The intern, who was making $10.50 per hour, was fired.

This marks the second time this month that the extent of the breach has grown. Last week, the state of Ohio disclosed that the tape contained the names and Social Security numbers of another 47,245 taxpayers and 19,388 state employees – bringing the total to some 1.3 million affected people.
