Top Story #2: Data breach surprises county
The technology error of a lifetime in Mesa County happened in seconds and lingered for months.
Fallout may not be realized for years.
A click of a computer mouse by a now-former employee of the county’s Information Technology Department set into motion a massive online exposure of sensitive information, which wasn’t noticed until seven months after the fact.
“The irony for us,” said Mesa County Sheriff Stan Hilkey, whose department’s database was exposed, “is we’ve done enormous amount of work with (Mesa County IT) on security.”
As was first reported by The Daily Sentinel on Dec. 2, two decades worth of Sheriff’s Department data was exposed to the Internet by one employee’s mistake: Information affecting some 200,000 people, including the identities of drug informants, addresses, phone numbers and Social Security numbers, and thousands of investigative files with personal information about victims, suspects and interviews.
Prosecutors and other personnel at the Mesa County Justice Center later learned some of their own identifying information was included in the breach.
The makings of what former Sheriff Riecke Claussen called Mesa County’s “cyber disaster” were traced to ongoing efforts to integrate information for all Grand Valley law enforcement agencies into a single computer database.
An employee in the county’s IT department in April moved several massive Sheriff’s Department files to a section of a county server that the employee believed to be secure. It wasn’t.
The mistake wasn’t discovered until Nov. 24, when an officer with Western Colorado Drug Task Force received a phone call from someone surprised to find his or her name included in a trove of documents posted online. It was taken down the same day.
Experts determined the files weren’t accessed from an outside computer until Oct. 30. Authorities refused to specify how many times it was hit afterward, but have said local, national and international computers accessed the material.
While enlisting the help of the FBI, Hilkey acknowledged they may never know how many times the information was saved, printed and further disseminated, or if it’s still lurking somewhere online.