RSSSHARE
Breach could put people at risk
The inadvertent online publishing of more than 20 years’ worth of personal and investigative Mesa County Sheriff’s Department records could put at risk the personal and financial security of departmental employees and informants, current and former Sheriff’s Department employees said Friday.
“My flush reaction is it’s obviously a cyber disaster,” former Sheriff Riecke Claussen said. “I think that, obviously with the type of information that the sheriff’s office deals with, that security of information is of top concern.”
Meanwhile, Sheriff Stan Hilkey and top-level county administrators have begun drafting a plan to notify everyone whose information could have been compromised. That could be a monumental task, because there are more than 200,000 name files in the Sheriff’s Department’s records-management system, although officials don’t know how many of those files were publicized.
As was first reported by The Daily Sentinel on Friday, authorities said an employee in the county’s Information Technology Department in April loaded the files onto what he believed was an encrypted county server. The employee was working on a project integrating computer databases between Grand Valley law-enforcement agencies.
Instead, the information was posted to a county URL address that wasn’t protected by a password. Authorities later determined someone outside the county first accessed data on the website Oct. 30. The site wasn’t taken down until Nov. 24, when someone found his or her name mentioned in the files while searching the Internet and notified authorities.
The longtime Information Technology Department employee, whom the Sheriff’s Department declined to identify, no longer works for the county.
The files posted on the site featured an array of information, including names of confidential informants, e-mails about crime victims and homicide investigations. They also included personal details about sheriff’s employees: home addresses, names of employees’ spouses and children and schools the children attend.
Hilkey said Thursday the data was accessed multiple times from local, national and international computers. But authorities remain in the dark about much regarding the breach, including exactly how many people have obtained the information and how much of it remains online.
On Friday, the sheriff said Sheriff’s Department employees were unwilling to speak with the media about the security breach. But he and sheriff’s spokeswoman Heather Benjamin said reaction from his staff, who are already dealing with the fallout of recent budget cuts, ranges from shock to anger to worry.
Hilkey said the department has notified confidential informants about what happened and informed employees how to check their credit. He said the department has not initiated additional patrols of employees’ homes.
Claussen, who worked for the Sheriff’s Department for 32 years, including the past 12 as sheriff, said the release of private information “could be a life-threatening situation for people who have been involved in law-enforcement investigations” and called the prospect of criminal investigations being compromised “frightening.”
“I suspect, (with) the sheer volume of information that’s been released, that we may not know the damage from that for years to come,” he said.
As a former Sheriff’s Department captain and seven-year employee, Grand Junction attorney Rick Wagner said he is not worried about people knowing his location, noting “my name is on the side of the building.”
“But I completely would be concerned about other employees who don’t want their information out there, especially when they weren’t expecting it,” he said.
Wagner said people who have an ax to grind with officers could use that personal information to retaliate in fashions ranging from “having 100 pizzas delivered to their home” to stealing officers’ identity and ruining their credit scores.
Former sheriff’s investigator Larry Bullard said he’s not worried about someone knowing where he lives. “I don’t get all worked up about it. I’m in the phone book. Anyone who wants to get ahold of me pretty much can,” he said.
Bullard said while he’s sure there will be some damage to the Sheriff’s Department, he doubts that those who could do the most harm — criminals — were trolling the Internet looking for secret information involving the department.
COMMENTS
Commenting is not available in this channel entry.