Lost USB Device Forces Virginia Into Damage Control, Again
A flash drive with more than 100,000 personal records has been misplaced by a researcher, while a new report finds widespread problems with the state's IT outsourcing deal.
Virginia, still managing its way through a troubled outsourcing deal, has a second IT mess on its hands. The state revealed that an unencrypted flash drive containing personal information on more than 100,000 adult education students has been lost.
The flash drive, which was lost after being given to a researcher at Virginia Tech for use in federally mandated research, contained the names, social security numbers, and birth dates of students who used adult education and literacy programs, as well as those who earned a high school equivalency certificate.
So far, there's no indication that the data on the drive has been used illegally or otherwise been compromised. "I know that I speak for all employees in expressing regret over the loss of the flash drive," Virginia superintendent of public instruction Pat Wright said in a statement. Virginia's department of education is committed to assisting and "mitigating any risk" to those affected, Wright added.
An announcement was mailed to more than 77,000 former students whose addresses were known, advising them to monitor their financial accounts and to place fraud alerts on their credit files. The state didn't have mailing addresses for 25,000 other students.
The possible data breach comes as auditors continue their investigation into problems with the state's $2.3 billion IT outsourcing deal with Northrop Grumman. Former state CIO Lemuel Stewart was fired earlier this year when he attempted to deny a $14 million payment to the company.
A Virginia commission has issued a 131-page report finding that, despite some progress, the Northrup Grumman deal has created barely a third of the jobs expected and that the vendor missed a July 2009 completion deadline so badly that only 54% of scoped projects had been completed as of last month. Virginia's poor contract management and governance were cited for contributing to the problems.
Other problems identified by the report: In one case, subcontractor Verizon attempted to work on the state's enterprise network during business hours without advance notice. In another, it took a prison 18 hours to regain inbound phone service after the problem was given low priority based on the number of employees rather than the number of inmates affected. Agencies have complained that Northrop Grumman hasn't adequately backed up data, while Northrop Grumman and the state disagree over the way that e-mail gets archived. And service calls are sometimes routed to the wrong technician.
The outsourcing deal is under investigation by the Virginia legislature. In August, Northrop Grumman submitted a plan to overhaul the deal.
Tom Shelman, VP of Northrop Grumman Information Systems' civil systems division, in a letter to auditors, pointed to "significant successes in recent months." In a separate letter to the commission, state CIO George Coulter noted that changes to the way Virginia works with Northrop Grumman are already underway.
As a result of the problems, Virginia governor Tim Kaine has made the case that the state's CIO should report to him, a position he repeated in a statement agreeing with the commission's findings.
Read InformationWeek's first-ever analysis of top CIOs in federal, state, and local government, and how they're embracing new expectations. Download the report here (registration required).
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.