Texas Comptroller Apologizes For Records Release

SAN ANTONIO (AP) – The release of personal information of 3.5 million Texans — including addresses and Social Security numbers — was a result of “human error” and was not done maliciously, State Comptroller Susan Combs said Thursday, while also adding that authorities are still going to investigate.

In an interview with The Associated Press, Combs also said there’s no indication the information, which in some cases included birthdates and driver’s license numbers, has been misused. Still, she’s ready to provide additional help to anyone who may become a victim of wrongdoing.

“We believe it’s inadvertent, but that’s why we also called in the (attorney general’s) office, and we are, of course, working closely with them,” said Combs, who spoke to several media outlets for the first time since her office announced on April 11 that the information was posted on public servers controlled by her office and remained there in some cases for more than a year.

“It’s basically human error,” Combs said. “There were policies for deleting files, there were policies for not uploading files, and none of the policies and the procedures were followed.”

Four employees in her office have been dismissed. Combs said she has no reason to believe more will lose their jobs.

Texas Attorney General Greg Abbott’s office and the FBI are trying to determine how and why the data was posted on a comptroller FTP site that was accessible to the public. Authorities have refused to comment on whether any of that information may have been used in cases of identity theft or other criminal matters, citing their ongoing investigation.

Combs had apologized in previous written statements and did so again during the interview, saying “I just think that it upsets a lot of people and I really understand that.”

“I want to express my real sorrow that this happened to them and accept responsibility for it,” she said.

Combs said her office has so far spent $1.8 million mailing letters to affected people and establishing a 24-hour informational hotline.

Her office had enlisted two firms to provide discounts for a year of credit monitoring services to those affected, but increased that offer to a year of free credit monitoring for those affected starting Friday. She said that service will cost the state $6 per enrollee.

The comptroller also said she will use personal campaign funds to offer identity restoration services to anyone whose information is misused.

The problem occurred after Comb’s office attempted to return unclaimed cash and other assets to state employees and asked the Teacher Retirement System, the Employee Retirement System and the Texas Workforce Commission for electronic information about their members and retirees.

The teacher retirement data was transferred in January 2010 and had records of 1.2 million education employees and retirees. The Texas Workforce Commission data transferred last April had information for about 2 million individuals. The Employee Retirement System data was provided in May 2010 and had information on about 281,000 people.

All the records remained accessible to the public until the end of March, when authorities discovered the problem and began blocking access. Most of those affected didn’t learn of the problem until Combs’ office announced it April 11.

The comptroller blamed the delay on logistical problems, saying her office needed time to prepare the mailings and hotline and was slowed by government purchasing rules.

A private firm Combs’ office hired to cope with the security breach, Deloitte Consulting, has a political action committee that contributed $44,000 to her past comptroller campaigns, according to a story published this week in The Dallas Morning News. It and another firm, Gartner Inc., were brought in without a competitive bidding process.

Combs said Thursday that choosing those companies had nothing to do with campaign contributions. She said both were selected because they were on a state list of pre-approved companies, allowing her office to bypass a bidding process that would have taken 60 to 90 days.

“I felt it was urgent to get folks in here rather than wait two to three months,” she said. “I thought that was the prudent thing to do. And I still think I’m right.”

(© Copyright 2011 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)

  • Rick McDaniel

    That’s the kind of human error, that SHOULD NOT be happening.

  • Don

    If policies are not followed then those who didn’t follow it should be fired, along with the one at the top who was responsible to oversee policies are followed which is you Susan Combs. Your not accepting responsibility for it or you would have quit for failing to do your job. Your spending our money for fixing your problem, how bout that money coming out of your pocket instead of ours?
    Then you hire buddies without a bid to fix your security problems? If you where more honest you would have picked companies on that list that never gave you campaign contributions since you where right that time was essential, yet wrong in the fact you hired those who gave you contributions.
    How do you sleep at night after robbing tax payers of money to fix your failure of doing your job right, firing others for the same mistake your guilty of since you where over them thus the final line of defense, and then giving kick-back jobs to a campaign contributor? Apologies are nice, but if you where sincere in them you would have quit and helped pay for this mess instead of making the tax payers do it. What you have just told us is that children who are the hackers that steal such information easily from mistakes like this are wiser and more educated than you are? Yes some hackers are older, yet check it out most started out young.

  • R. Donoho

    I was apprised by letter from the comptroller I was one of the 3.5 million, I don’t meet the prerequisite?? From the same entity that was overly proactive recording license plate data at proposed Texas toll sites, another inexcusable breach. Until a fix for human error/greed evolves, a timely concerted effort to prevent collateral damage is the panacea concerning over sites of this magnitude.. My point being …the State demonstrated the ability to hire and train myriad personnel to expedite the collection of pertinent data concerning intrastate travel, conversely, the burden of culpability rests in the fact that the same zeal to acquire sensitive info by the entity entrusted with the stewardship of these records was non existent protecting it. As Mr McDaniel, a man with years of experience regarding this subject commented this simply never should have occurred. Failure to deal with the consequences in a timely manner is inexcusable.

  • r.d

    postscript to my comment regarding repercussions in this matter.. I’ve not had any incident relating to identity theft until recently, one a failed attempt to debit funds from a margin account, failing only due to amount requested the other a money making scheme emailed to all listed contacts in my mailbox listing me as originator. I’m not privy to any other incidents

blog comments powered by Disqus
The Taz Show

Listen Live