The personal records of some 3.5 million Texans were inadvertently exposed after they were placed on a state computer server that was accessible to the public for about a year, state officials said on Monday.
State Comptroller Susan Combs said there is no indication that any of the information, which included names, mailing addresses, Social Security numbers, and possibly dates of birth and drivers license numbers, has been misused.
I deeply regret the exposure of the personal information that occurred and am angry that it happened, Combs said. I want to reassure people that the information was sealed off from any public access immediately after the mistake was discovered, and was then moved to a secure location.
Combs said the information was from the Teacher Retirement System of Texas, the Texas Workforce Commission, and the Employees Retirement System of Texas. The Texas Workforce Commission data breach was the most widespread, containing records of some 2 million individuals.
The data files were not encrypted as required by Texas administrative rules established for agencies. The problem was discovered when comptroller's office staffers were doing a security scan on some other files and noticed some folders that had been erroneously put on the server, said R.J. DeSilva, a spokesman for Combs.
Texas Attorney General Greg Abbott is investigating, DeSilva said.
Combs said her office will send letters this week to all of the people whose personal information was exposed.
This will not happen again, Combs said.
(Editing by Corrie MacLaggan and Greg McCune)