First a disclaimer: As a KUT employee — I am a member of the Teacher's Retirement System. So like many other current and former state employees, I called up the comptroller's hotline — created just for this problem — to see if my information was left exposed for a year on a public server for anyone to see. Based on my seven minute wait, which featured Elton John and Richard Marx songs, I'm guessing I wasn't the only one trying to call in. When I finally did reach someone, my fears where quickly confirmed: My data had been exposed.
The operator gave me information on how to sign up for credit alerts to help determine if anyone tries to use my info. Helping to set up those alerts and offering a discount for credit monitoring is one way the Comptroller's office is trying to make amends.
Audio: Ben Philpott's story for KUT News
"We negotiated with one of the credit bureaus — Experian — and people are going to their website or calling them up," said spokesman R.J. DeSilva. "We don't have any stats yet because they launched it on Friday, so probably in the next few days or so we'll know if people have been taking up that offer."
Four comptroller staff members, including the head of innovation and technology and the head of information security, were dismissed over the security breach. That's not enough, according to Mark Webber, a retired public school teacher. Personal information for him and his wife was exposed. And his notification letter from the comptroller didn't make him feel any better.
"No, it didn't reassure me at all," he said. "It simply made me question why in the world somebody could be that incompetent. If anything it just made me angry."
Webber has already called the hotline set up by the comptroller to find out more about the data mistake.
"I wanted to know what would happen if my identity was stolen and I had to be out of pocket — you know, any expense trying to get that information back, would I be reimbursed. I was told no," said Webber.
The office of Texas Attorney General Greg Abbott is actively involved in a criminal investigation of the security breach, and is working with the FBI. But while investigating, the AG's office will not confirm whether or not a crime has been committed.