Welcome Guest
Log In | Register )
You last visited December 7, 2016, 11:24 am
All times shown are
Eastern Time (GMT-5:00)

Texas Lottery suffers computer security breach

Texas LotteryTexas Lottery: Texas Lottery suffers computer security breach

Sensitive personal data on 89,000 players copied by former employee

The Texas Lottery Commission is alerting tens of thousands of lottery winners that they're on a not-so-lucky list.

More than 89,000 lottery winners are being notified that sensitive information about them including their names, Social Security numbers, addresses and prize amounts were taken from the agency without permission by a former employee.

The 39-year-old computer analyst, who left the state commission last year after eight years on the job, apparently copied onto computer disks sensitive information on thousands of lottery commission employees, retailers and vendors, as well.

The employee, who told investigators he eventually copied the data onto his work computer at the Texas Comptroller's Office, has not been charged. The case is being investigated by the Travis County District Attorney's office.

Investigators with the Texas Comptroller's Office said they have no evidence the information was used to commit fraud.

Still, the Lottery Commission is advising those they contact to place a fraud alert on their credit files.

Agency spokesman Bobby Heith said that while officials were looking at measures to prevent similar acts from occurring, no new security procedures had yet been adopted.

In August, investigators with the Comptroller's Office were asked to examine the computer files of the former lottery employee, who was working for the comptroller.

They discovered sensitive data on 27,000 individuals, the majority of them winners. Subsequent searches turned up data on 78,000 additional individuals, including 62,000 winners.

The agency notified people in the first group last month and began sending out letters to the 78,000 people this past week.

Several days after he was fired, the employee told investigators that prior to leaving the lottery commission, "I indiscriminantly copied all the files from the My DOC folder to a CD/DVD which I carried (to subsequent jobs)," according to a search warrant.

The employee added he wanted the information "for possible future reference as a programmer at other state agencies."

Houston Chronicle

We'd love to see your comments here!  Register for a FREE membership — it takes just a few moments — and you'll be able to post comments here and on any of our forums. If you're already a member, you can Log In to post a comment.

10 comments. Last comment 8 years ago by mjwinsmith.
Page 1 of 1

United States
Member #58528
February 18, 2008
710 Posts
Offline
Posted: November 3, 2008, 8:45 pm - IP Logged

Sensitive personal data on 89,000 players copied by former employee

The Texas Lottery Commission is alerting tens of thousands of lottery winners that they're on a not-so-lucky list.

More than 89,000 lottery winners are being notified that sensitive information about them including their names, Social Security numbers, addresses and prize amounts were taken from the agency without permission by a former employee.

The 39-year-old computer analyst, who left the state commission last year after eight years on the job, apparently copied onto computer disks sensitive information on thousands of lottery commission employees, retailers and vendors, as well.

The employee, who told investigators he eventually copied the data onto his work computer at the Texas Comptroller's Office, has not been charged. The case is being investigated by the Travis County District Attorney's office.

Investigators with the Texas Comptroller's Office said they have no evidence the information was used to commit fraud.

Still, the Lottery Commission is advising those they contact to place a fraud alert on their credit files.

Agency spokesman Bobby Heith said that while officials were looking at measures to prevent similar acts from occurring, no new security procedures had yet been adopted.

In August, investigators with the Comptroller's Office were asked to examine the computer files of the former lottery employee, who was working for the comptroller.

They discovered sensitive data on 27,000 individuals, the majority of them winners. Subsequent searches turned up data on 78,000 additional individuals, including 62,000 winners.

The agency notified people in the first group last month and began sending out letters to the 78,000 people this past week.

Several days after he was fired, the employee told investigators that prior to leaving the lottery commission, "I indiscriminantly copied all the files from the My DOC folder to a CD/DVD which I carried (to subsequent jobs)," according to a search warrant.

The employee added he wanted the information "for possible future reference as a programmer at other state agencies."

Maybe he hasn't committed fraud with the information that he stole,but he still stole the information.It wasn't his to take,that makes him a thief and he should be charged with theft and sent to prison.The only "state agency" he should be allowed to work for in the future is the state prison system....on the other side of the bars

    ThatScaryChick's avatar - x1MqPuM
    Idaho
    United States
    Member #56506
    November 21, 2007
    6537 Posts
    Offline
    Posted: November 4, 2008, 12:25 am - IP Logged

    Maybe he hasn't committed fraud with the information that he stole,but he still stole the information.It wasn't his to take,that makes him a thief and he should be charged with theft and sent to prison.The only "state agency" he should be allowed to work for in the future is the state prison system....on the other side of the bars

    I agree. There was no reason whatsoever, for this guy to copy confidential information onto disks after he was fired. No reason. He claims he wanted the information "for possible future reference as a programmer at other state agencies." Sorry, but bullcrap. That personal information was not given to him to use and I am sure he was going to use it for criminal acts. I hope they throw the book at this guy.

    "No one remembers the person who almost climbed the mountain, only the person who eventually gets to the top."

      diamondpalace's avatar - Untitled 2.jpg
      Dallas, TX
      United States
      Member #60284
      April 12, 2008
      3856 Posts
      Offline
      Posted: November 4, 2008, 12:36 am - IP Logged

      Maybe he wanted to send out a farewell card to the people after leaving the job? ;)

        L J1's avatar - chi jpeg.jpg
        Michigan
        United States
        Member #54181
        August 8, 2007
        123 Posts
        Offline
        Posted: November 4, 2008, 5:51 am - IP Logged

        Wow! A very shocking story. Hope all those people don't have to pay for his mistake.

          spy153's avatar - maren

          United States
          Member #28409
          December 15, 2005
          1198 Posts
          Offline
          Posted: November 4, 2008, 7:06 am - IP Logged

          Let me first say, I am not advocating his behavior., nor do I think his intentions were on the up and up.  However, there is another possible reason he took the information.  It may be the only proof he has to show for something he "discovered" about the lottery.  Just a thought.

          voir-vous dans mes reves!Cool

            LottoL's avatar - techno eye.jpg
            Texas
            United States
            Member #33719
            February 24, 2006
            705 Posts
            Offline
            Posted: November 4, 2008, 7:35 am - IP Logged

                                         I Agree!

            State databases are not very secure!

            Too many people (State personnel, Vendor personnel, Contractors, etc.)
            have confidential access to alot of data.

            Not to mention all those companies putting together their own databases
            using public information.  Public or Private, there are alot of people who
            have access to personal and private information.

              Avatar
              Northern California
              United States
              Member #19948
              August 9, 2005
              151 Posts
              Offline
              Posted: November 5, 2008, 12:13 pm - IP Logged

              The info on winners themselves, etc., did not come from the gaming system but from internal lottery accounting systems.

               

              Clearly, those internal systems were not as secure as they needed to be.

               

              I'm disappointed with the Lotetry response. Clearly som eimprovements need to be made - if there were procedures in place to prevent this their employee was able to get around them. Either way, they need to make changes.

               

              This sounds like a helluva lot more than "sample work product" to show a perspective employer to me.

                time*treat's avatar - radar

                United States
                Member #13130
                March 30, 2005
                2171 Posts
                Offline
                Posted: November 6, 2008, 2:09 am - IP Logged

                Another fine example of why these databases shouldn't exist in the first place.

                Why would the lottery keep data on past winners for years? Even for tax purposes that info should not exist after a year or two.

                Two wrongs make a catastrophe.

                In neo-conned Amerika, bank robs you.
                Alcohol, Tobacco, and Firearms should be the name of a convenience store, not a govnoment agency.

                  Omniscient's avatar - Lottery-017.jpg
                  Florida
                  United States
                  Member #46570
                  September 14, 2006
                  558 Posts
                  Offline
                  Posted: November 7, 2008, 7:44 pm - IP Logged

                  This guy needs to go to jail , plain and simple. I'm under the suspiscion that he's holding this information for blackmail purposes or wants some kind of compensation for 'sensitive' information against the lottery for firing him. When people get fired or know they are going to get the axe, they may feel that after years of loyal service, they are being betrayed and might become spiteful. He must have known in advance that he was going to be 'let go' from his job prior and began that copying of past winners and who knows what else info he might have gotten his hands on. In normal circumstances in a job when you have access to computer databases and sensitive information like in this situation, when you get fired or laid off , the IT/IS department will block access to the network on that users account in a fast manner. Some people like this guy can become very vindictive. Just my opinion on this matter.

                   See full size image                                               

                   Don't Play more, Play Smarter!

                    mjwinsmith's avatar - moon

                    United States
                    Member #391
                    June 8, 2002
                    16067 Posts
                    Online
                    Posted: November 25, 2008, 9:14 am - IP Logged

                    Another fine example of why these databases shouldn't exist in the first place.

                    Why would the lottery keep data on past winners for years? Even for tax purposes that info should not exist after a year or two.

                    Two wrongs make a catastrophe.

                    You hit the nail right on the head.