Maricopa Security Breach

The rest of the story

By

MCCCD Security Breach – Timeline of Events

This post is always pinned to the top of this page given its significance to understand what took place.  See frequent updates after this post.

The following timeline outlines events that took place between January 2011 and Feb 2014 regarding the MCCCD security breach. These events ultimately led to the largest security breaches in the history of Maricopa Community College. This timeline will be updated regularly as new events develop. Stay tuned!

Here is a visual representation of the core events.

Maricopa Security Incident Chronology of Events

 Date                      Event                                                                                                          

1/2011

Maricopa main webservers compromised.  

Maricopa security monitoring  system (OVIS) compromised.

None of the ERP Systems were compromised at this time.

 

Data from multiple schools  including MCCCD reported as being available for sale.  Vice-Chancellor of ITS notified.

1/30/2011

Root cause for webserver compromise quickly identified by existing IT Staff and action items for remediation outlined.   Remediation efforts were later delayed for months.

2/2011

Vice Chancellor of IT informed by Director Earl Monsour of security 

risks and potential impact related to compromised webservers.

Note: These were the same webservers that will later be compromised in 2013.

3/2011

VC of ITS informs  all MCCCD of security breach and extensive investigation under way.

Quote from letter sent to  All MCCCD:

I want to make you aware of an information security issue that came up recently…

Because we found evidence of unauthorized access on our webserver, we have carried out an extensive investigation and are taking steps to create a more secure web environment, including stronger network and security access…”

George K. – VC of ITS at MCCCD

6/2011

Director Earl Monsour once again informs VC of ITS  of major security risks and potential impact of continuing to run on compromised webservers.

Note: There was ongoing verbal communication with the VC of ITS at 

all times since 1/11

11/2011

Oversight Report delivered to VC of ITS.  This report clearly states the risks to (2) areas dealing with security:

  1. Maricopa webservers compromised in 2011 have not been fixed
  2. OVIS Tools to monitor the network and servers in Maricopa are still not operational

Quote from the report:

After 9-10 months, none of the agreed upon next steps have been accomplished. We are still running on a compromised server… The risk to MCCCD of running a compromised server is very high. The potential impact is critical”

4/2012

Mr. Monsour continues efforts to get the staff  reporting to another ITS Director to complete repairs identified after the 2011 security incident.  Most of the changes identified in 2011 are yet to be implemented.  Maricopa is still exposed.

5/2012

Letter sent to Rufus Glasper, Governing Board, Legal, Ombudsperson & VC of HR by lead DBA who resigned.

Quote from letter obtained via records request:

“…limited understanding of basic good technical practices is costing Maricopa Community Colleges millions.

I have witnessed scapegoating of subordinates as a means of avoiding responsibility for failed projects and an abject failure to respond appropriately to forewarnings by technical experts of impending disaster on projects.

I strongly urged you to consider an external investigation of ITS”

5/2012

Teresa Toney, Office of Public Stewardship at Maricopa asked Chancellor Glasper to conduct an external investigation of IT

Quote from email to Glasper obtained via records request:

I would recommend bringing in a party external to Maricopa to examine the work environment in that division…

The common thread being expressed is of lack of respect, recognition and civility by the execs…

One party suggested that a forensics accounting review be conducted in order to see how money being spent in IT…

7/2012

Linda Brown, founder of Maricopa Citizens for Safety and Accountability goes in front of the Maricopa Governing Board and cites concerns about Mr. George K, VC of IT, management style and deteriorating IT conditions.

Quote from  7/23/11 Board minutes available online:

“I come here today as a concerned citizen and community advocate and my request is straightforward. I am asking that you order an independent investigation into the ITS Department.

Last month, you received a letter from Joyce McQueen, a longtime employee with a distinguished record who was so demoralized by the hostile working conditions that she chose to resign three years shy of her retirement. That should have been enough to launch an investigation.

Please hire an external investigator and save us lots of money”

8/2012

Kerry Mitchell (MAT President) and Cecilia Quiroz (PSA President) representing concerned IT employees addresses the Maricopa Governing Board.  Mr. Mitchell reports mismanagement of IT projects and unfair employment practices. Mr. Mitchell asks the Chancellor for an external investigation of IT.

Quote from Board  presentation:

“Previously, employees and private citizens have called for an investigation of ITS. We support that call and respectful request that an independent external evaluator be brought in to objectiv ely assess the situation in ITS, determine the legitimacy of employee allegations, and recommend steps for improvement”

Kerry Mitchell – President MAT (Management and Technology association)

Cecilia Quiroz – President PSA (Professional staff association)

8/2012

John Willis Webster hired by Dr. Rufus Glasper to run Maricopa IT.

Consultants are in charge of all IT operations at this time.  

10/24/2012

Kerry Mitchell (MAT President) and Cecilia Quiroz (PSA President) send a letter to Dr. Glasper as employee group leaders on behalf of IT employees requesting that Dr. Glasper address the grievance violations filed earlier in the year.

Quote from letter received by employees involved:

“Having not received a satisfactory response, they are elevating the grievance to you, both in your role as Mr. Kahkejian’s supervisor, and in your role as Chancellor (in accordance with employee group policy)”

Kerry Mitchell & Cecilia Quiroz (employee group representatives)

10/2012

24 vacant positions in IT

Over 20 people on FMLA

- Great loss of institutional knowledge

- Senior staff  forced to retired early or quit and never replaced

- New hirings in IT frozen to pay for consultants

- Organization at risk. Systems vulnerable

- Systems aging and not being replaced

- Long-time dependable employees replaced by out of town consultants at great costs to the organization.

Fast forward to 2/26/2014 and see what happens

Maricopa County College District proposes tuition and tax hike

AZ Central – Mary Beth Faller

11/8/2012

(5) IT employees send letter to Dr. Glasper

Quote from email sent to Dr Glasper

“These issues not only still present significant financial risks to Maricopa but they endanger our reputation as a desirable workplace as the issues are countered to Maricopa values.”

1/2013

Multiple IT employees file formal charges with the EEOC at Federal level against Maricopa for discrimination and retaliation.

4/2013

Maricopa webservers that were compromised in 2011 are once again compromised in 2013.

Maricopa Executives had received more than 12 warnings and notifications of risk/impact to Maricopa since the 2011 incident by the same Maricopa IT employees now being blamed for the 2013 security incident.

5/13 – 10/13

  • Maricopa approves $27 million in new  IT projects before notifying the public of security breach in 11/13.
  • Maricopa approves $14 million to go towards ‘initial’ legal costs, letters to those impacted and help desk support for breach.

Fast forward to 2/26/2014 and see what happens with  staffing

Maricopa County College District proposes tuition and tax hike

AZ Central – Mary Beth Faller

5/13 –10/13

Maricopa does not involve any of the IT leaders previously in charge of security or databases in the investigation or support of the breach. These employees were not contacted until 8/2013.

8/2013

Earl Monsour and Miguel Corzo called in for interviews with investigators. Key witnesses they provided were left out.

Letter from Martin Gang to MCCCCD

“I am writing this statement as I am aware of an investigation conducted on behalf of Maricopa. I have made repeated requested that Earl Monsour provide my name and contact information to the investigative team and I am sure that he has provided that information. Despite having the contact information, no one has yet called, written or made any other visible attempt to contact me. Since I have direct material information as to the events that occurred in the discovery, identification and attempted mitigation of the security incident discovered in January 2011, I believe it is my responsibility to ensure that Maricopa receive this information so that any investigation conclusions would be based on all appropriate information”

Martin Gang, ex-Associate Director of Strategic Information Technology for MCCCD.  

9/24/13

Request to approve $2.1 million to legal firm Wilson Elser goes to the Board for the first time.  Contract for initial work between April   2013 and Sept 2013 is MIA and does not appear to have gone to the Board for approval.

Board minutes here

11/25/13

Notification of disciplinary action and false allegations of wrongdoing sent to Mr. Monsour and Mr. Corzo.  

These were the same individuals that had warned MCCCD over 12 times since 2011 of potential security risks and impacts to the organization. These were the same people who told the organization this would happen.

11/26/13

Governing Board approves 3 year Chancellor’s contract extension. This happens in the midst of the security problems and prior to notifying the public.

Board minutes here

11/27/13

Maricopa notifies the public of Major Security Breach

Maricopa sends letters to 2.5 million students, nearly 7 months after the breach and the FBI notification.  

http://www.databreaches.net/maricopa-community-colleges-notifies-2-5m-after-data-security-breach/

http://www.kpho.com/story/24276899/ethical-hacker-maricopa-community-colleges-data-still-exposed

1/14

Maricopa goes on record with the press

“We could not determine that anyone had ever been in and taken any of our files,” Gariepy said. “We knew someone could have, but we couldn’t find evidence that anyone had.”

However, forensic investigators hired by the district found no evidence that anyone exploited the security weakness to steal information, according to Maricopa Community Colleges spokesman Tom Gariepy

The district learned about the potential breach when the FBI found a site claiming to be selling personal information of people affiliated with the district, Mr. Gariepy said. The site was selling only names of people associated with the district but the incident alerted officials to a serious weakness in its security, he said.

1/12/14

Mr. Corzo , Mr . Monsour and  potentially others in ITS, received a letter from Dr. Glasper based on recommendation from Jim Bowers.  The letter is a recommendation to the Board to terminate employment effective 2/27/14 based on false allegations.  

1/14/14

Linda Brown attends Governing Board meeting. She refers back to 2012 when she asked the Board for an investigation of IT regarding mismanagement, wrongdoing, retaliation, discrimination.  She once again asks for an investigation and requests that all employee terminations be place on hold.

Quote from Board minutes

The top District leadership is ultimately responsible for what happened in Maricopa IT. The District Administration failed to listen to their own employees, failed to follow their own processes, ignored requests from community leaders, attempted a cover up operation and is now looking for scapegoats to avoid accountability in order to save themselves...

Again, I urge this Board to take the following steps and save our District from further damage,

• Place all employment/disciplinary actions against IT employees on hold until a fair and  unobstructed investigation is completed.

• Place the Chancellor on administrative leave so an investigation can proceed without bias obstruction or interference

Please listen this time and save us all money.

Linda Brown – Board Meeting  Minutes  here

1/14

Mr. Corzo and Mr. Monsour secure legal counsel and request a hearing.  Letter submitted by Legal Counsel to District Office.

1/14

EEOC serves retaliation charges to Maricopa on behalf of Mr. Corzo and interviews Mr. Monsour in 2/14

1/14/14

Kerry Mitchell, past MAT President sends yet another request to Dr. Glasper requesting a response to the IT Grievance filed back in 10/2012.  This grievance could have saved MCCCD millions had someone taken action on it.

“On October 24, 2012, in my role as MAT President, I submitted to you a non-policy grievance regarding ITS, on behalf of several MAT employees.  To date, I have not heard that a response was given to the employees.  While I appreciate that a great deal has transpired since then, I believe the employees involved would benefit from a response (I have come to understand that a response has been drafted).

Thank you for your consideration of this matter.”

Kerry Mitchell – Past MAT President

1/14/14

Dr. Rufus Glasper (Chancellor) responds to Mr. Mitchell request for a grievance response update.  Ironic!

“Kerry,

Thanks for your email.  I am reviewing with HR.  I apologize for the apparent delay.”

Rufus Glasper – Chancellor MCCCD

2/14

Local News Channels and AZ Republic are stonewalled for weeks on their records request.  

Governing Board continues to discuss security issue behind close doors in Executive Section. This has been a pattern since  Nov 2013 and even earlier.  Press and/or public are not allowed to ask questions as Security Breach is not a topic in any of their agenda.

State Ombus Representative contacted about these two matters.

2/14

AZ Republic  comes out with first post-breach article in 2014

News Channel Coverage starts

CBS 5

ABC 15

Databreaches.net reports on  class action lawsuits and other issues related to the breach

Arizona Daily Independent comes out with article

2/16/14

Citizens go to the Board asking for the Chancellors to resign (watch the video here)

2/26/14

Maricopa ITS now wants to raise tuition and tax levy to help pay for the security breach.  Part of this hike will also go towards rehiring nearly 50% of the department and retraining.  All of these could have been avoided had they not ignored the ITS Grievance and multiple letter sent to the Chancellor on ITS attrition and related financial risks to the institution.

  • 75 out of 140 employees remain in ITS
  • ITS requested $27 millions for  new projects in 2013 alone
  • ITS is now asking to rehire 45 new employees
  • $7.5 million needed to rehire and retrain
  • Lack of institutional knowledge forces outsourcing

About $7.4 million of the money would go to the information technology department, which is working to recover from a massive security reach last year that exposed the personal data of 2.4 million current and former students and faculty”

AZ Central post a related article on tuition and tax levy hike with portions going toward fixing security issues and dealing with unprecedented attrition rates in ITS

Maricopa County College District proposes tuition and tax hike

AZ Central – Mary Beth Faller

 

What is next? Bookmark this page and we will keep you posted.

More to come !

 

Comments are closed.