News

Actions

State promises security upgrades after government data breaches

Default-Image_1280x720.png
Posted at 9:49 PM, May 31, 2013
and last updated 2013-06-01 00:43:21-04

SALT LAKE CITY -- In the aftermath of a series of data breaches, a renewed focus on securing personal information that is stored on government servers.

The Utah State Tax Commission, which oversees the Department of Motor Vehicles, promises it will have tighter security on new software when it's put in place before the end of the year. On Wednesday, FOX 13 News reported that a DMV employee was accused of stealing personal information and giving it out for others to commit crimes.

On Friday, Utah Department of Technology Services Executive Director Mark VanOrden said his office was working to upgrade data security at all agencies they oversee.

"We take cyber-security very seriously," he told FOX 13. "We know we have a lot of private and confidential data from the citizens of Utah, and we take the job of protecting that data very seriously."

It is the third major data theft from state computers in the past three years. In 2011, two employees at the Department of Workforce Services were convicted of mining data to compile a list of alleged illegal immigrants. Last year, hackers stole more than 780,000 pieces of information from a database for the Utah Department of Health.

It was that breach that led to the ouster of the previous director of Technology Services; VanOrden was appointed to the post and ordered by the governor to make changes.

"We have 1,100 different state applications," he said. "All 1,100 of those applications have this year gone through a risk assessment and data classification -- all 1,100."

Computer systems are being upgraded to include increased security -- including the monitoring of employees to ensure that data isn't stolen from the inside. While the Utah State Tax Commission insists the data theft from the DMV is isolated, the Salt Lake City Fire Marshal has said the employee confessed to them to taking information over a 14-year period.

The DMV acknowledges its current software cannot track who looks up what -- and when -- so they do not know how widespread the data theft is. The Utah State Tax Commission has said it believes the theft was limited in scope.

"This system came up in 2001. It's an older system. There is no auditing as far as who looked at what and when," VanOrden said Friday.

Upgrading the state's computer systems is not something that can be done with the push of a button. VanOrden said it may be 18 months before all the state agencies that DTS oversees has upgraded programs with tighter data security. (DTS does not maintain systems for public and higher education or the Utah State Courts.)

VanOrden told FOX 13 his office has 24-hour a day staffing, 365 days a year to monitor against computer intrusions and other issues. On average, the state gets 50 million potential malicious attacks on computer servers.

"I can sleep well at night, knowing we're doing a great job," VanOrden said. "But I'm not going to look you in the eye and say, 'I can guarantee you no breach will take place tomorrow or next year.' We're doing everything we can, but these guys are trying everything they can to get into data. This is the crime of the 21st century."