|
|
Texas Lottery suffers computer security breach
Texas Lottery: Texas Lottery suffers computer security breach
Sensitive personal data on 89,000 players copied by former employee
The Texas Lottery Commission is alerting tens of thousands of lottery winners that they're on a not-so-lucky list.
More than 89,000 lottery winners are being notified that sensitive information about them including their names, Social Security numbers, addresses and prize amounts were taken from the agency without permission by a former employee.
The 39-year-old computer analyst, who left the state commission last year after eight years on the job, apparently copied onto computer disks sensitive information on thousands of lottery commission employees, retailers and vendors, as well.
The employee, who told investigators he eventually copied the data onto his work computer at the Texas Comptroller's Office, has not been charged. The case is being investigated by the Travis County District Attorney's office.
Investigators with the Texas Comptroller's Office said they have no evidence the information was used to commit fraud.
Still, the Lottery Commission is advising those they contact to place a fraud alert on their credit files.
Agency spokesman Bobby Heith said that while officials were looking at measures to prevent similar acts from occurring, no new security procedures had yet been adopted.
In August, investigators with the Comptroller's Office were asked to examine the computer files of the former lottery employee, who was working for the comptroller.
They discovered sensitive data on 27,000 individuals, the majority of them winners. Subsequent searches turned up data on 78,000 additional individuals, including 62,000 winners.
The agency notified people in the first group last month and began sending out letters to the 78,000 people this past week.
Several days after he was fired, the employee told investigators that prior to leaving the lottery commission, "I indiscriminantly copied all the files from the My DOC folder to a CD/DVD which I carried (to subsequent jobs)," according to a search warrant.
The employee added he wanted the information "for possible future reference as a programmer at other state agencies."
Houston Chronicle
We'd love to see your comments here! Register for a FREE membership — it takes just a few moments — and you'll be able to post comments here and on any of our forums.
If you're already a member, you can Log In to post a comment.
10 comments. Last comment 11 months ago by .
|
United States
Member #59008
February 18, 2008
710 Posts
Offline
|
| Posted: November 3, 2008, 8:45 pm - IP Logged |
|
Sensitive personal data on 89,000 players copied by former employee
The Texas Lottery Commission is alerting tens of thousands of lottery winners that they're on a not-so-lucky list.
More than 89,000 lottery winners are being notified that sensitive information about them including their names, Social Security numbers, addresses and prize amounts were taken from the agency without permission by a former employee.
The 39-year-old computer analyst, who left the state commission last year after eight years on the job, apparently copied onto computer disks sensitive information on thousands of lottery commission employees, retailers and vendors, as well.
The employee, who told investigators he eventually copied the data onto his work computer at the Texas Comptroller's Office, has not been charged. The case is being investigated by the Travis County District Attorney's office.
Investigators with the Texas Comptroller's Office said they have no evidence the information was used to commit fraud.
Still, the Lottery Commission is advising those they contact to place a fraud alert on their credit files.
Agency spokesman Bobby Heith said that while officials were looking at measures to prevent similar acts from occurring, no new security procedures had yet been adopted.
In August, investigators with the Comptroller's Office were asked to examine the computer files of the former lottery employee, who was working for the comptroller.
They discovered sensitive data on 27,000 individuals, the majority of them winners. Subsequent searches turned up data on 78,000 additional individuals, including 62,000 winners.
The agency notified people in the first group last month and began sending out letters to the 78,000 people this past week.
Several days after he was fired, the employee told investigators that prior to leaving the lottery commission, "I indiscriminantly copied all the files from the My DOC folder to a CD/DVD which I carried (to subsequent jobs)," according to a search warrant.
The employee added he wanted the information "for possible future reference as a programmer at other state agencies." Maybe he hasn't committed fraud with the information that he stole,but he still stole the information.It wasn't his to take,that makes him a thief and he should be charged with theft and sent to prison.The only "state agency" he should be allowed to work for in the future is the state prison system....on the other side of the bars
|
|
|
Idaho United States Member #56982 November 21, 2007 3187 Posts Offline |
| Posted: November 4, 2008, 12:25 am - IP Logged |
|
Maybe he hasn't committed fraud with the information that he stole,but he still stole the information.It wasn't his to take,that makes him a thief and he should be charged with theft and sent to prison.The only "state agency" he should be allowed to work for in the future is the state prison system....on the other side of the bars I agree. There was no reason whatsoever, for this guy to copy confidential information onto disks after he was fired. No reason. He claims he wanted the information "for possible future reference as a programmer at other state agencies." Sorry, but bullcrap. That personal information was not given to him to use and I am sure he was going to use it for criminal acts. I hope they throw the book at this guy. "No one remembers the person who almost climbed the mountain, only the person who eventually gets to the top."
ThatScaryChick
|
|
|
Dallas, TX United States Member #60771 April 12, 2008 3015 Posts Online |
| Posted: November 4, 2008, 12:36 am - IP Logged |
|
Maybe he wanted to send out a farewell card to the people after leaving the job? ;) Lottoism: Free pick 3 & Pick 4 predictions.
|
|
|
Michigan United States Member #54649 August 8, 2007 95 Posts Offline |
| Posted: November 4, 2008, 5:51 am - IP Logged |
|
Wow! A very shocking story. Hope all those people don't have to pay for his mistake.
|
|
|
United States Member #28776 December 15, 2005 1170 Posts Offline |
| Posted: November 4, 2008, 7:06 am - IP Logged |
|
Let me first say, I am not advocating his behavior., nor do I think his intentions were on the up and up. However, there is another possible reason he took the information. It may be the only proof he has to show for something he "discovered" about the lottery. Just a thought.
"By and by God caught his eye." David McCord
(12/15/1897 – 04/13/1997) US writer , epitaph for a waiter
"The vote, I thought, means nothing to women. We should be armed." Edna O'Brien
(12/15/1930 – ) Irish writer
"If you can count your money, you don't have a billion dollars." J. Paul Getty
(12/15/1892 – 06/06/1976) US zillionaire
|
|
|
Texas United States Member #34118 February 24, 2006 471 Posts Offline |
| Posted: November 4, 2008, 7:35 am - IP Logged |
|
State databases are not very secure!
Too many people (State personnel, Vendor personnel, Contractors, etc.)
have confidential access to alot of data.
Not to mention all those companies putting together their own databases
using public information. Public or Private, there are alot of people who
have access to personal and private information.
|
|
|
Northern California United States Member #20270 August 9, 2005 144 Posts Offline |
| Posted: November 5, 2008, 12:13 pm - IP Logged |
|
The info on winners themselves, etc., did not come from the gaming system but from internal lottery accounting systems.
Clearly, those internal systems were not as secure as they needed to be.
I'm disappointed with the Lotetry response. Clearly som eimprovements need to be made - if there were procedures in place to prevent this their employee was able to get around them. Either way, they need to make changes.
This sounds like a helluva lot more than "sample work product" to show a perspective employer to me.
|
|
|
Prince of Insufficient Light Ruler of Heck United States Member #13375 March 30, 2005 1350 Posts Offline |
| Posted: November 6, 2008, 2:09 am - IP Logged |
|
Another fine example of why these databases shouldn't exist in the first place.
Why would the lottery keep data on past winners for years? Even for tax purposes that info should not exist after a year or two.
Two wrongs make a catastrophe. Modern "education" teaches a version of history so fictionalized, it should be followed by "TM"
They're warning me about Osama or whatever. Picture me buying the scam; I say "never!". 
|
|
|
Florida United States Member #47021 September 14, 2006 495 Posts Offline |
| Posted: November 7, 2008, 7:44 pm - IP Logged |
|
This guy needs to go to jail , plain and simple. I'm under the suspiscion that he's holding this information for blackmail purposes or wants some kind of compensation for 'sensitive' information against the lottery for firing him. When people get fired or know they are going to get the axe, they may feel that after years of loyal service, they are being betrayed and might become spiteful. He must have known in advance that he was going to be 'let go' from his job prior and began that copying of past winners and who knows what else info he might have gotten his hands on. In normal circumstances in a job when you have access to computer databases and sensitive information like in this situation, when you get fired or laid off , the IT/IS department will block access to the network on that users account in a fast manner. Some people like this guy can become very vindictive. Just my opinion on this matter. 
Don't Play more, Play Smarter!
|
|
|
United States Member #392 June 8, 2002 4691 Posts Online |
| Posted: November 25, 2008, 9:14 am - IP Logged |
|
Another fine example of why these databases shouldn't exist in the first place.
Why would the lottery keep data on past winners for years? Even for tax purposes that info should not exist after a year or two.
Two wrongs make a catastrophe. You hit the nail right on the head.
|
|
|
|