Here a new article on the history of the MCCCD security breach, the cost of the failure to respond and the current state of affairs.
Today, 4/29/2014, Earl Monsour is being deposed at the Gallagher and Kennedy Office in Phoenix, Az. A deposition that may last a couple of days if not longer. This is just the beginning, one of hundreds of individuals who will have to be deposed. Lawyers and more lawyers (9-10 today only) are involved at an hourly rate of approximately $300+/hr. A bill MCCCD will end up paying with taxpayer dollars if they lose these cases in court.
MCCCD lawyers are working around the clock trying to hide the truth from the public hoping that a judge will support the complete lack of transparency of a publicly funded institution. A few days ago, the Governing Board approved a $3 tuition increase to generate millions of dollars of new revenue. Students who already registered and paid for their Fall semester will receive a new bill and hopefully not be dropped from classes when MCCCD runs their dreaded ‘purge’. New students will need to pay a bit more if they want to attend. All of this, while MCCCD sits on top of a large sum of cash totaling nearly $500 million (see The Bulging Cash Hoard at MCCCD). It begs the questions, who is the MCCCD Governing Board serving? What is the mission of the institution? Why are you asking for more money when you have so much? Are you trying to keep that infamous bond rating at the expense of the community?
This post is always pinned to the top of this page given its significance to understand what took place. See frequent updates after this post.
The following timeline outlines events that took place between January 2011 and Feb 2014 regarding the MCCCD security breach. These events ultimately led to the largest security breaches in the history of Maricopa Community College. This timeline will be updated regularly as new events develop. Stay tuned!
Here is a visual representation of the core events.
Maricopa Security Incident Chronology of Events
Maricopa main webservers compromised.
Maricopa security monitoring system (OVIS) compromised.
None of the ERP Systems were compromised at this time.
Data from multiple schools including MCCCD reported as being available for sale. Vice-Chancellor of ITS notified.
Root cause for webserver compromise quickly identified by existing IT Staff and action items for remediation outlined. Remediation efforts were later delayed for months.
Vice Chancellor of IT informed by Director Earl Monsour of security
The email below was recently sent to the MCCCD Governing Board.
Its purpose was to escalate the IT Grievance that could have prevented the 2013 breach to the attention of the MCCCD Governing Board.
Chancellor Glasper never responded to this Grievance. By policy, Dr. Glasper had 10 days since initial filing (10/2012) to address the issues in the grievance. Over a year has passed and no answer has been received by employees.
In addition to MCCCD policy violations, employee’s First Amendment Rights have been violated. The right to petition government for redress of grievances is the right to make a complaint to, or seek the assistance of, one’s government, without fear of punishment or reprisals. Several employees who filed this grievance have been forced to retire early or are now being terminated by MCCCD.
ITS Grievance redacted
Date: Wed, Apr 9, 2014 at 7:47 PM
Subject: Escalation of ITS Grievance to Governing Board Members
To: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Here is a recording from an interview where Mr. Corzo, the person who tried to warn the District before the 2013 incident happened, is being told that ‘he did nothing wrong’. MCCCD is still proceeding with efforts to blame Mr. Corzo for the 2013 incident. The MCCCD Administration refuses to take responsibility.
This interview took place in Nov 2013. In attendance were James Bowers, Interim VC of HR, Kroll lead investigator (speaking on recording), Kerry Mitchell, ex-MAT President and Mr. Corzo’s representative.
A few points to read before you play the tape:
1. The 1098-T database they mention in the tape and are trying to pin on Mr. Corzo WAS NOT one of the databases he managed at the time. This database was managed by another IT Director (who recently resigned) and the Marketing Department. Neither Mr. Corzo nor his staff had access to that database or the computer it resided on.
2. Mr. Corzo nominated someone from his team as requested by Mr. Monsour to be part of the investigation team in 2011. That person did what she was asked to do and communicated with Mr. Corzo several times a day. None of the ERP databases Mr. Corzo managed at the time (SIS, HR, CFS) were compromised.
Information contained in public MCCCD Board minutes speak of how huge the security problem at MCCCD is. MCCCD has publicly disclosed their vulnerabilities and the monumental effort require to fix the problem that was reported in April 2013. It makes you wonder if MCCCD web servers should be even operational given the information disclosed below.
Here is a segment from the Nov 2013 Board Minutes where MCCCD acknowledges the scope of the problem and what’s left to be done.
V.A.1 APPROVAL OF AUTHORIZATION OF INCREASED EXPENDITURE
FOR WEB REMEDIATION CONSULTING SERVICES
This is a follow-up item to move to a One Maricopa enhancement
effort. It’s a three-phase system. Once Eagle Creek has assessed the
existing web infrastructure, 1) they will help with web maintenance
(there are over 10,000 pages), 2) they will look at the web
infrastructure and fix pages that are not working, and 3) they will
rebuild the entire web system into a secure and well run single entity
(currently there are 50-60 systems currently running). It will take
approximately 18-24 months to fix.
o Will Maricopa contract out maintenance or can it be
supported in-house upon completion? (IT will create a web
Taxpayers may have to foot a bigger bill to cover legal expenses related to the Maricopa Community Colleges data security breach.
“I think it’s kind of unethical to leave a firm to take your biggest client with you and plant yourself to say you’re a local law firm,” Lumm told ABC15.
It appears that the MCCCD Administration is partnering with their out of state lawyers from Wilson Elser to deceive the MCCCD Governing Board. ABC 15 tells the story.
See the latest video by ABC 15 on this ongoing mess with MCCCD.
In April 3rd, 2014, a few days after Miguel Corzo and Galvan (Corzo’s lawyer) left a hearing that had apparently been rigged to benefit the District Administration, conceal evidence from ever being made public and keep witnesses, including Rufus Glasper, from testifying, Mr. Galvan sent this letter to MCCCD.
From: Richard Galvan <firstname.lastname@example.org>
Date: Tue, Apr 8, 2014 at 4:58 PM
Subject: MCCCD Hearing
To: Lee Combs <email@example.com>, James Tucker <James.Tucker@wilsonelser.com>
Response to your email dated April 1, 2014
It is Mr. Corzo’s position that these proceedings are fatally flawed and, consequently he refused to participate in the March 31st hearing. The bases and reasoning for his position include:
1. The District’s unlawful refusal to provide Mr. Corzo with the public records he requested nearly 3 months ago pursuant to the Arizona Public Records Law.
2. In violating the law, the District not only failed to produce the documents, but it failed to provide Mr. Corzo, in accordance with the Arizona Public Records Law, with an index of all the public records subject to his requests along with the individualized reason why the District denied production of each paticular document.
The Monday hearing (3/31) to decide the future of one remaining MCCCD employee who is fighting the MCCCD administration over the security breach in 2013 was little more than a kangaroo court according to witnesses. While the District has reportedly either worked out deals or forced resignation from several employees, the whistleblower in the case; Miguel Corzo, was denied a chance to even defend himself in the Monday hearing.
Here are sections of the 3/25/2014 MCCCD Governing Board Meeting where the topic of the security breach came up. Comments were made in public regarding the extension of the Wilson Elser contract and the way the administration is handling the current breach.
Members of the community talk about the security breach during the Citizens Interim portion of the Board Agenda. Items discussed: impact to the community, costs, what it means to you, employee issues etc.