Lost USB Device Forces Virginia Into Damage Control, Again - InformationWeek
Government // Open Government
11:41 AM
Connect Directly

Lost USB Device Forces Virginia Into Damage Control, Again

A flash drive with more than 100,000 personal records has been misplaced by a researcher, while a new report finds widespread problems with the state's IT outsourcing deal.

Virginia, still managing its way through a troubled outsourcing deal, has a second IT mess on its hands. The state revealed that an unencrypted flash drive containing personal information on more than 100,000 adult education students has been lost.

The flash drive, which was lost after being given to a researcher at Virginia Tech for use in federally mandated research, contained the names, social security numbers, and birth dates of students who used adult education and literacy programs, as well as those who earned a high school equivalency certificate.

So far, there's no indication that the data on the drive has been used illegally or otherwise been compromised. "I know that I speak for all employees in expressing regret over the loss of the flash drive," Virginia superintendent of public instruction Pat Wright said in a statement. Virginia's department of education is committed to assisting and "mitigating any risk" to those affected, Wright added.

An announcement was mailed to more than 77,000 former students whose addresses were known, advising them to monitor their financial accounts and to place fraud alerts on their credit files. The state didn't have mailing addresses for 25,000 other students.

The possible data breach comes as auditors continue their investigation into problems with the state's $2.3 billion IT outsourcing deal with Northrop Grumman. Former state CIO Lemuel Stewart was fired earlier this year when he attempted to deny a $14 million payment to the company.

A Virginia commission has issued a 131-page report finding that, despite some progress, the Northrup Grumman deal has created barely a third of the jobs expected and that the vendor missed a July 2009 completion deadline so badly that only 54% of scoped projects had been completed as of last month. Virginia's poor contract management and governance were cited for contributing to the problems.

Other problems identified by the report: In one case, subcontractor Verizon attempted to work on the state's enterprise network during business hours without advance notice. In another, it took a prison 18 hours to regain inbound phone service after the problem was given low priority based on the number of employees rather than the number of inmates affected. Agencies have complained that Northrop Grumman hasn't adequately backed up data, while Northrop Grumman and the state disagree over the way that e-mail gets archived. And service calls are sometimes routed to the wrong technician.

The outsourcing deal is under investigation by the Virginia legislature. In August, Northrop Grumman submitted a plan to overhaul the deal.

Tom Shelman, VP of Northrop Grumman Information Systems' civil systems division, in a letter to auditors, pointed to "significant successes in recent months." In a separate letter to the commission, state CIO George Coulter noted that changes to the way Virginia works with Northrop Grumman are already underway.

As a result of the problems, Virginia governor Tim Kaine has made the case that the state's CIO should report to him, a position he repeated in a statement agreeing with the commission's findings.

Read InformationWeek's first-ever analysis of top CIOs in federal, state, and local government, and how they're embracing new expectations. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll