http://www.informationweek.com/news/showArticle.jhtml?articleID=201807932 By Sharon Gaudin InformationWeek September 20, 2007 The State of Connecticut is suing its own computer consultant, Accenture, for losing personally identifying information on 58 residents and hundreds of state bank accounts and purchasing cards. Connecticut attorney general Richard Blumenthal announced he is suing the company for illegal negligence, unauthorized use of state property, and breach of contract. He filed the suit on behalf of state comptroller Nancy Wyman, whose office contracted with Accenture. "Accenture deserves censure -- to be held accountable for allowing valuable secret data to be stolen and putting at risk state taxpayers, bank accounts, and purchasing cards," Blumenthal said in a statement. "Accenture acted unconscionably and illegally. It breached its commitment to keep confidential this highly sensitive financial information. The company broke its contractual promises and duty of care to safeguard the secrecy of sensitive data. It misappropriated state property -- taking significant valuable data for its own use without permission or authority." Accenture released a statement saying the company is reviewing the matter. "Based on what we know today, we believe that our policies were inadvertently not followed," the statement read. "We intend to take appropriate actions with any individuals involved and to reinforce with all of our employees, as we do on a regular basis, the importance of following our privacy and data protection policies." The company also asserted that there is no evidence that the Connecticut data has been accessed or misused by an unauthorized third party. "As the Ohio inspector general determined, the technical complexity of retrieving the data from the backup tape storage device makes the possibility that it will be used for improper purposes remote," the company noted. "We invest heavily in training our employees so they understand how to appropriately handle sensitive data and we impress on them the importance of following our policies. Accenture regrets this unfortunate incident, which was clearly caused by human error, and remains committed to working with our client in this matter." According to an advisory from the attorney general's office, the lawsuit alleges that Accenture converted state property to its own use without permission, acted negligently, and violated its contract by allowing the sensitive data to be placed on a state of Ohio backup computer tape that was later stolen. The theft occurred in June, but Wyman's office was not notified that Connecticut information was involved until September 4. The Ohio governor's office says a backup tape was stolen in Ohio last June. It allegedly contained data that Accenture removed from the CORE-CT computer system, which performs Connecticut's payroll, personnel, purchasing, accounting, inventory, and other functions. Accenture, which developed the CORE-CT system, was developing a similar government information system in Ohio. Allegedly, this past weekend a state IT analyst found the tape contained virtually all Connecticut state agency bank account numbers, bank names, and types of accounts, as well other highly sensitive information, according to the governor's office. "Like a citizen whose wallet has been stolen, our first priority had to be safeguarding the information that was missing -- and that's just what we have done," said Connecticut Governor M. Jodi Rell, in a statement yesterday. "Now we need to start adding up the expenses we incurred in taking those actions and provide those figures to the attorney general so that he can recover those costs from Accenture. The repercussions of this loss are still being tallied -- and the final figure may not become clear for some time -- but we already know that Connecticut has incurred considerable expenses to deal with the loss of this information." __________________________________________________________________ CSI 2007 is the only conference that delivers a business-focused overview of enterprise security. It will convene 1,500+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission. - www.csiannual.com
This archive was generated by hypermail 2.1.3 : Thu Sep 20 2007 - 22:25:28 PDT