'Long-term' Employee Responsible for Mesa County Data Breach
Law Enforcement Files, Personal Information Released On The Internet
Mesa County is trying to figure out the extent of a security breach that put secure law enforcement files and some peoples' personal information out on the internet for anybody to view.
Officials say the error occurred while preparing for a future transition to a new software system for the Mesa County Sheriff?s Office. The person responsible has been let go, but the problem is just beginning for investigators.
"It's the county's fault that it was there," Sheriff Stan Hilkey said.
On purpose or not, Mesa County is dealing with a pretty big problem. "We are taking this very seriously," acting County Administrator Stefani Conley said. "This was a situation, that again, should not have happened."
Hundreds of thousands of pieces of personal information have been leaked onto an un-secure file-transfer website, or FTP.
"We do know that some of them do contain social security numbers," Hilkey said. Other information includes names and addresses of current and form sheriff's office employees. The same information could be found for almost anyone who had been listed on a police report with the county. Also, some investigation files were leaked.
"It was an error by an it employee and that employee is no longer with the county," Conley said. The county wouldn't divulge any information about the employee, other than saying in a statement that "this person was a long-term county employee."
Even though all signs point to this being just an honest mistake, it wasn't something that happened overnight. The data was moved to the un-secure website all the way back in April. But, the first security breach happened at the end of October.
"There was no criminal activity during the first breach," Hilkey said.
But, it still took county I.T. engineers almost a month to notice and shut down the problem.
"[During that time] I.P. addresses locally, nationally, and internationally have hit this website," Hilkey said.
Right now, the Mesa County Sheriff's Office is putting together an all out blitz on who might have seen this information. "Everyone who looked at it, shouldn't have," Hilkey added. "Some sites become very suspicious when they go through these proxy servers undetected."
Current and former sheriff's office employees, as well as some people who might have reported crimes in the past are all at risk here. And for those affected, this might be your best advice, "Contact one of the three credit bureaus and sign up for fraud alert," Hilkey said. "That's the best advice we're giving our own employees today."
Sensitive investigation files from the Western Slope Drug Task Force were also leaked. Some of the information even has to do with current ongoing investigations.
The sheriff's office is working closely with the FBI's Cyber Security Division to help in this case. But, Hilkey told us that it could take years before this incident is resolved.
County attorneys are trying to figure out if they could face any legal ramifications if somebody's identity is stolen. The sheriff's office is also asking people in Fruita and Palisade to be on alert if they've filed any reports with those local police departments in the past.
The three creditors who are available to help you are these: Equifax Credit Bureau Fraud Department - 800) 525-6285, Experian Information Solutions Fraud Department - (888) 397-3742, and the TransUnion Credit Bureau Fraud Department - (800) 680-7289.
Copyright 2010 KJCT. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.