HARTFORD -- Attorney General George Jepsen is seeking more information from the state Department of Labor and Central Connecticut State University about security breaches that may have opened Social Security numbers and other personal information to unauthorized view.
In separate letters to state Department of Labor Commissioner Glenn Marshall and Central Connecticut State University President Dr. Jack Miller, the Attorney General asked for explanations about how any unauthorized disclosure had occurred and what steps had been taken to correct the situation.
The Attorney General said he understood that both agencies were providing two years of credit monitoring to affected individuals. Jepsen said reimbursement should also be provided for those individuals to place and lift one security freeze per credit file.
“I am pleased that both agencies appear to have responded to these breaches with appropriate concern. As state agencies, we must set an example for the private sector and take whatever steps are necessary to improve procedures for handling and protecting personal information entrusted to our care,” Jepsen said.
The alleged breach at the Department of Labor involved the Social Security numbers and salary and wage information of more than 500 employees involved in an appeal before the Employment Security Appeals Board. The information was sent with a hearing notice about the appeal to at least two individuals.
“I am concerned about the procedures in place within the Department to identify documents containing sensitive information and to make certain that such information is redacted before any disclosure of each document is made. I therefore request information regarding the Department’s policies and procedures for protecting sensitive information from being disclosed in this context,” Jepsen wrote to the commissioner.
Central Connecticut State University issued a notice Thursday that a “Z-bot” virus in an office computer exposed the Social Security numbers of more than 18,000 individuals associated with the University for eight days in early December. The University said the infected computer was taken off line.
In his letter to the University president, Jepsen wrote, “In order to evaluate the sufficiency of protections in place within CCSU to guard against these kinds of security breaches, I ask that you provide my office information regarding CCSU’s policies and procedures for protecting electronically stored information, including CCSU’s anti-virus software scan and update protocol.”
“I also request that you provide information regarding CCSU’s employee training program relative to computer usage and reporting of suspicious links, e-mails or attachments,” he wrote.
Jepsen asked the two agencies to respond by the end of the month.
Assistant Attorney General Matthew Fitzsimmons is handling this matter for the Attorney General as head of the Office’s Data Privacy Task Force.