Maricopa Security Breach

The rest of the story

Miguel Corzo speaks to Governing Board | Maricopa Security Breach

The Governing Board voted on 7/22/2014 to terminate Miguel Corzo. The entire video of the Board meeting is now available here.  

Follow-up articles:
- The Arizona Daily Independent ‘MCCCD denies due process, fires whistleblower’
- Az Central ‘Maricopa Hacking Scandal: Same Old Excuses’
- Databreaches.net ‘MCCCD Breach: View from the underbus’
- 3 TV – AZ Family ‘School fires IT manager who warned of breach’

Board Members were operating with inaccurate and incomplete information

  • MCCCD refuses to call Mr. Corzo’s witnesses
  • MCCCD refuses to provide Mr. Corzo with public records
  • MCCCD had been breaking OML laws since April 2013
  • Board-established employee policies violated
  • Mr. Corzo’s civil rights and due process violated
  • Board Members silenced
  • MCCCD unwilling to provide any evidence to support their accusations
  • MCCCD Board Member misinformed about database ownership in Stach and Liu report. Not a single database was mentioned by name in that report.
  • Famous Stach & Liu report of 2011 was a 13-page PowerPoint pointing to network and security issues. All databases in the report resided on the compromised webservers only.
  • MCCCD ignores content of signed and dated IT Grievance that will hold up in Court.
  • The word ‘security’ is nowhere to be found in Mr. Corzo’s job description. Security of the compromised servers just wasn’t his job.
  • Other signed/dated documents ignored
  • Board was derelict in their own duties
  • The buck does not stop with Mr. Glasper

Mr. Corzo was notified on Thursday of the hearing committee findings and his name was placed on the Governing Board agenda the following Monday for a Tuesday decision. Here is a copy of the District allegations along with Mr. Corzo’s response. He was given little or no time to respond or present his point of view.

- It is clear after hearing Board members speak that they were either operating with inaccurate and incomplete information provided by the Administration or they just turned a blind eye. Ultimately, their decision culminated in the wrongful termination of Mr. Corzo, an MCCCD employee of nearly 3 decades. The process failed all the way to the top.

- Mr. Corzo made a 10-minute presentation, and no one was allowed to ask him a single question about his speech before he was fired.

- Board members deny seeing ANY documents related to the 2011 incident other than a single document stating that all is well. It appears that they were not provided with the copy of the ITS Grievance, Board presentations in October by Linda Brown, and a long list of documents mentioned here. Maricopa claims none of these documents exist in their email systems. The Administration forgot that Mr. Corzo ran their email system in 2011 and has been doing so for nearly 15 years. Mr. Corzo knows how much information Maricopa keeps for their Executives in case of litigation.

- Mr. Corzo provided a long list of witnesses to Maricopa. Mr. Corzo’s witnesses were willing to testify and share additional evidence. MCCCD never contacted any of his witnesses.

- One Board member claims Mr. Corzo’s rights to due process were violated after his representative was replaced by the Administration without his approval ‘THE DAY OF’ the hearing. See hearing rigged.

- Another Board member says he has doubts. Mr. Corzo is unable to clarify his doubts or speak in response to that statement during the Board meeting.

- Many questions presented today remain unanswered. Mr. Corzo is unable to answer any of Mr. Pearson’s questions. The Administration will not allow it.

- Board member claims Open Meeting Laws have been violated since April 2013, stating that Mr. Corzo’s name has been repeatedly brought up in Executive Sessions without him being notified.

- Board member Burke stated having only seen one document regarding the 2011 incident out of the many listed in the timeline of events, most of which were obtained via public records. This statement implies that Mr. Burke was not provided a copy of the Grievance by the Administration or that his email could have been ‘tampered’ with. Linda Brown emailed over 20 documents to the Governing Board after the 2013 breach that speak of the 2011 incident, risks and communications with the Chancellor in 2012.

- Board member Burke stated that one of Mr. Corzo’s databases was listed in the Stach and Liu report and it was compromised. According to witnesses who have seen the report, there isn’t a single database mentioned in that report and the report warns of data breach and loss, damage to reputation etc. The 140 databases mentioned were MySQL databases maintained by the Server Team at MCCCD in the compromised main Maricopa webserver. No ERP databases were mentioned in the report.

- The only database mentioned to Mr. Corzo was called a 1098T database. That database belonged to the Marketing Dept, not Mr. Corzo’s unit. All information related to this database was shared with Mr. Bowers during a pre-hearing. The entire recording of this meeting will be available for the courts. Mr. Corzo also shared an entire document many pages long explaining to the Administration who owned the database Mr. Burke was referring to.

- Board member Gutierrez states that due process was provided in the hearing. The evidence of what took place during the hearing is documented here. Documents were denied to Mr. Corzo for his defense. He was not allowed to bring his witnesses and the Steering Committee failed to interview a single person that could testify in his defense. The list Mr. Corzo provided had over 20 people, many of whom were willing to testify and share their story. Not a single person that was willing to testify in Mr. Corzo’s defense was contacted in over 9 months since this ordeal began.

- Mr. Corzo was never allowed to speak or clarify any of these misunderstandings during the Board meeting. Board Member Pearson was not allowed to even ask Mr. Corzo follow-up questions.

- Mr. Pearson told employees that the employee manual full of Board policies is only good for fire. She stated that they should all be afraid for their jobs given the Administration practices.

- Dr. Glasper stated in a follow-up interview with ABC 15 that he holds ultimate accountability for what happens and that the buck stops with him. What does that mean? Why is the Board not holding him accountable?

- Everyone from Maricopa at the meeting conveniently forgot to mention the most damaging document of all during the Board meeting, the ITS Grievance (see here): a formal document filed with MCCCD and containing warnings to Dr. Glasper stating that ‘personal information is at risk’.

- It is unclear why Mr. Corzo was fired. No evidence or facts were presented. It appears that after nearly 30 years with MCCCD, Mr. Corzo was fired for failing to protect a small database of approximately 300 people after running massive Oracle ERP systems and Identity Management Systems with millions of records for nearly 20 years. To make matters worse, this small database was not under Mr. Corzo’s control or area of responsibility in 2011.

- Dr. Glasper claims no one told him how ‘grave’ the situation was. Even if that was the case, which is not as clearly documented, Mr. Corzo was not aware of the details. Those details resided with two other IT Directors whose job description was to deal with security of all MCCCD servers. Mr. Corzo could not share that which he did not know. His assumption was that the VC of ITS and those responsible for security were sharing information with Dr. Glasper. All Corzo knew was that which he shared with Glasper in the ITS Grievance. It was Glasper’s duty in his position of power and authority to investigate that which was reported to him.

At the end, the Board fired Mr. Corzo after denying him the courtesy to speak, the opportunity of a fair hearing or any due process.

See timeline of events for reference to documents available to the courts. This list contains a small subset of documents that EXIST in the Maricopa systems.

The courts will now have to determine why MCCCD denies the existence of incriminating documents potentially in the hands of multiple individuals in the organization.

Is MCCCD the new Enron of the Education system when it comes to disappearing documents? See here.

Here is some additional news coverage from the Board meeting:

http://www.azfamily.com/news/School-fires-IT-manager-who-warned-of-security-breach-268218462.html

Here is a copy of the speech he gave to the Board tonight.
Download Miguel Corzo Speech to Governing Board

  • To this date, MCCCD is yet to provide a single thread of evidence to Mr. Corzo. It is all hearsay with no supporting evidence.
  • To this date, MCCCD is yet to interview a single person named as a witness by Mr. Corzo.
  • To this date, MCCCD is yet to allow Mr. Corzo to present his side of the story to the MCCCD Governing Board.

What are they afraid of? Do they have something to hide?

 

Good night for now.  Stay tuned!
