State Judicial Branch: Slip-up exposes employees' personal information

August 27, 2006

By Steve Terrell, The New Mexican

For eight days last spring, an unsecured document containing names, birth dates, Social Security numbers, home addresses and other personal information on some 1,500 employees of the state judicial branch was posted on a state computer server.

Fortunately, no unauthorized employee copied or downloaded the file, which was on a state password-protected FTP (file transfer protocol) site, officials at the state Administrative Office of the Courts said Friday.

``Words can't describe how I felt,'' said Steve Prisoc, director of the state Judicial Information Division. ``I was extremely disturbed.''

Prisoc and Administrative Office of the Courts Director Artie Pepin said new procedures and policies have been implemented since the unprotected file was discovered.

``If anything, that incident made us more secure,'' said Pepin, who started his job after the problem was discovered and fixed. ``I think it's made us all more sensitive about personal information.''

The state courts' FTP site is used mainly for court employees to download computer programs and patches for existing programs, Prisoc said. About 100 people, nearly all court personnel, have access to the site, he said.

The file with all the personal information on the employees was sent to the site by the state Personnel Office for the purpose of helping the judicial branch implement a new state payroll and accounting system called SHARE (Statewide Human Resources Accounting and Management Reporting System).

However, the AOC employee who had requested the list ``went on vacation and forgot about it,'' Prisoc said. ``It was just a human error.''

The file sat on the FTP site for a week. Finally, on June 1, an employee alerted Prisoc. He said he had been involved in interviews that day and didn't find out about the problem until the end of the workday.

The next day, Prisoc ordered the FTP site shut down. ``That probably was overkill,'' he said. ``But we didn't know if any other files like this were going to be sent.''

The AOC's computer staff was able to determine only eight people had clicked on the file, Prisoc said. Seven of these were computer staff.

The other person was a court clerk who Prisoc described as ``a longtime trusted employee'' who innocently clicked on the file while looking for another file.

``No outsiders saw the file,'' Prisoc said.

Prisoc sent a team to examine the clerk's computer. They were able to determine the employee hadn't copied or e-mailed the personnel file.

Prisoc said he alerted the AOC director as well as Chief Justice Richard Bosson of the New Mexico Supreme Court.

Since the security problem, the FTP site has been redesigned, Prisoc said. The site has been subdivided into several specific areas with unique passwords. Not all of those with access to the site have access to all of the areas.

The AOC also has purchased encryption software to use with certain information.

main page ATTRITION feedback