Government // Open Government
11:41 AM
Connect Directly
Core System Testing: How to Achieve Success
Oct 06, 2016
Property and Casualty Insurers have been investing in modernizing their core systems to provide fl ...Read More>>

Lost USB Device Forces Virginia Into Damage Control, Again

A flash drive with more than 100,000 personal records has been misplaced by a researcher, while a new report finds widespread problems with the state's IT outsourcing deal.

Virginia, still managing its way through a troubled outsourcing deal, has a second IT mess on its hands. The state revealed that an unencrypted flash drive containing personal information on more than 100,000 adult education students has been lost.

The flash drive, which was lost after being given to a researcher at Virginia Tech for use in federally mandated research, contained the names, social security numbers, and birth dates of students who used adult education and literacy programs, as well as those who earned a high school equivalency certificate.

So far, there's no indication that the data on the drive has been used illegally or otherwise been compromised. "I know that I speak for all employees in expressing regret over the loss of the flash drive," Virginia superintendent of public instruction Pat Wright said in a statement. Virginia's department of education is committed to assisting and "mitigating any risk" to those affected, Wright added.

An announcement was mailed to more than 77,000 former students whose addresses were known, advising them to monitor their financial accounts and to place fraud alerts on their credit files. The state didn't have mailing addresses for 25,000 other students.

The possible data breach comes as auditors continue their investigation into problems with the state's $2.3 billion IT outsourcing deal with Northrop Grumman. Former state CIO Lemuel Stewart was fired earlier this year when he attempted to deny a $14 million payment to the company.

A Virginia commission has issued a 131-page report finding that, despite some progress, the Northrup Grumman deal has created barely a third of the jobs expected and that the vendor missed a July 2009 completion deadline so badly that only 54% of scoped projects had been completed as of last month. Virginia's poor contract management and governance were cited for contributing to the problems.

Other problems identified by the report: In one case, subcontractor Verizon attempted to work on the state's enterprise network during business hours without advance notice. In another, it took a prison 18 hours to regain inbound phone service after the problem was given low priority based on the number of employees rather than the number of inmates affected. Agencies have complained that Northrop Grumman hasn't adequately backed up data, while Northrop Grumman and the state disagree over the way that e-mail gets archived. And service calls are sometimes routed to the wrong technician.

The outsourcing deal is under investigation by the Virginia legislature. In August, Northrop Grumman submitted a plan to overhaul the deal.

Tom Shelman, VP of Northrop Grumman Information Systems' civil systems division, in a letter to auditors, pointed to "significant successes in recent months." In a separate letter to the commission, state CIO George Coulter noted that changes to the way Virginia works with Northrop Grumman are already underway.

As a result of the problems, Virginia governor Tim Kaine has made the case that the state's CIO should report to him, a position he repeated in a statement agreeing with the commission's findings.

Read InformationWeek's first-ever analysis of top CIOs in federal, state, and local government, and how they're embracing new expectations. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
Time to Reconsider Enterprise Email Strategy
Time to Reconsider Enterprise Email Strategy
Cost, time, and risk. It's the demand trifecta vying for the attention of both technology professionals and attorneys charged with balancing the expectations of their clients and business units with the hard reality of the current financial and regulatory climate. Sometimes, organizations assume high levels of risk as a result of their inability to meet the costs involved in data protection. In other instances, it's time that's of the essence, as with a data breach.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.