Maricopa Security Breach

The rest of the story


Wrongful employee termination – MCCCD Security Breach

Attached is the response to the Chancellor’s recommendation to terminate Mr. Miguel Corzo’s employment.
The letters below were sent to the Governing Board in response to the upcoming Board meeting.

The MCCCD Administration is accusing Mr. Corzo of not doing a job that wasn’t his to do, being responsible for systems he wasn’t supposed to be responsible for, knowing about a document that was never shared with him, not communicating upwards when he repeatedly did so, and not doing enough during an incident in 2011 when he was onsite, working with his staff and others to help MCCCD address a small security breach.  In 2013 when the second and larger breach took place, Mr. Corzo was no longer assigned to any supervisory or database duties.

The ERPs at MCCCD that Mr. Corzo was responsible for were never compromised in 2011. A small database residing on the main maricopa webservers was compromised.  This database was the responsibility of the marketing department and the network and server team at MCCCD not Mr. Corzo’s team.
It is not what happened in 2011 that matters as much as what the Administration did after 2011 and before the 2013 incident. The 2011 incident was indeed minor.  Nothing really happened of any significance. The Administration simply ignored or decided to take a chance on documents provided to them that clearly stated that something had to be done to repair our systems after a minor breach.  That was a calculated risk that unfortunately had serious consequences and no one in the Administration wants to be responsible for. Mr. Corzo warned the Administration multiple times with 12 letters, including 3 emails regarding an IT grievance that clearly stated that MCCCD was at great risk of exposing personal data. Mr. Corzo followed every process in place. He gave the Chancellor more than enough time to at least meet with him to discuss his concerns.  Nothing ever happened and MCCCD is now facing their biggest legal battle in their history and the highest attrition levels in IT ever. Not only that, the Administration is using the very same employees that tried to help MCCCD as scapegoats.

The Administration is denying that the grievance they received in 2012 contained any warnings regarding security issues.  Here is the text from the grievance

Security Oversight Reports

A security oversight report was delivered to George Kahkedjian by his security officer in the Spring of 2012. This report pointed out several risks and deficiencies in the organization. Most of the recommendations were ignored by George Kahkedjian. The list of recommendations included:
- Resolution of web server compromises. Months passed and none of the agreed upon steps were resolved. This represented a high risk to the organization that could expose personal information.
- Backup replacement. The backup replacement of LEGATO with Veritas Netbackup has taken over 3 years and approximately $1+ million dollars has been wasted on projects yet to be completed. The system has failed several times and there a numerous incompatibilities.
The person responsible for this project has now been appointed Chief Architect in the new  ITS Reorganization. The risk to the organization was deemed to be high.
- Other projects like a monitoring system, stolen laptops etc… were brought up to George  Kahkedjian attention and little of nothing was done to address the risk to the organization.

———- Forwarded message ———-
From: Miguel Corzo <>
Date: Sun, Jul 20, 2014 at 10:13 PM
Subject: Response to hearing committee findings Miguel Corzo – Email #1
To:,,, Doyle Burke <>, Randolph Lumm <>
Cc: Richard Galvan <>

Mr Saar, members of the Governing Board:
I will be sending you two emails tonight. I beg you to carefully review this documentation. My career, the future of my family and livelihood depend on it.
Email #1 is shown below. This is a response to a recent recommendation by the Chancellor to terminate my employment with MCCCD after nearly 30 years with this organization.
The email that follows (email #2) contains documentation regarding my termination
I recently received a letter from the Chancellor the evening of 7/17/2014 recommending my termination. I subsequently noticed a non-consent agenda item for the next Board meeting calling for termination of an employee to be named.  I have reasons to believe this pertains to me but I am not 100% sure as the name was not disclosed.
I am respectfully requesting that this item be removed from the Agenda for the following reasons:
1. In order to make an informed decision, the Board needs to listen to the only legal sworn testimony about the security incident that is available to date. This is the testimony of Earl Monsour available for purchase from the courts.  This testimony was ordered by a judge and it was taken in the presence of District attorneys and other lawyers from several lawfirms suing the District. Mr. Monsour was cross-examined under oath and testified to the events of 2011.
2. In order to make an Informed decision, the Board needs to hear from George K.  He was my supervisor.  I reported to him and so did others in the organization. He did my evaluations, gave me marching orders and provided me with feedback via performance evaluations. All indications to me were that my performance was at or above standards (‘excellent’ was his word for my 2011 performance). He reported directly to the Chancellor. His testimony is critical to your decision in my case.  I was prevented from having him as a witness in my hearing. My lawyers were not able to cross-examine him either.. If George is still with MCCCD, the Board has the power to hear from him. Does someone fear testimony from him?  Is someone being held hostage?  I urge you to find out before your wrongfully terminate my position.
3. I made a public records request 6 months ago and I just received last week a partial list of records. These records were needed to defend myself against accusations raised against me.  It was only this month that a small portion of these records were made available for my review and I am still in the process of reviewing such documents. I am unable to fully explain or defend myself b/c records have not been provided to me. I am forbidden from using records at my disposal because I must make a public records request first.  I urge you to ask the District to comply with my records request so I can be allowed due process and prove my innocence.
4. A letter of termination was presented to me last Thursday and I was given absolutely no time to respond. This is unfair and inhumane. I have spent all weekend doing what I could to provide you with a response but it is nowhere near being complete at this point. In addition, my only letter of termination was redacted and exhibits are missing so I am unable to properly defend myself.
5. The letter of termination wrongfully assumes that I have seen a critical document, the Stach and Liu report of 2011.That document was never shared with me (See attached letter from Martin Gang). All I have seen to date is a high-level/superficial 8-9 page of what appears to be a PowerPoint presentation from Stach and Lieu in 2011. That document is almost fully redacted with most of the pages being blank. Most of the accusations raised against me are based on my knowledge of the assessment that Stach and Liu did in 2011. I had no knowledge of the details of such assessment.  That information was not shared with me. All I knew is that my systems at the time of the 2011 incident were not compromised. All I was told is that systems under the supervision of another ITS Director who has now resigned had been hacked and needed to be replaced. My job is not to play GOD in ITS and know all the details happening in every ITS department. The job of supervising all activities in the ITS departments belongs with the VC of ITS.
6.  I have been denied due process in a hearing that has been one-sided and heavily stacked in the Administration’s favor.  Nearly all sections of the MAT dismissal process in the MAT policy manual (15.2) have been violated (see attached).  There are policy violations and breaches of contract everywhere you look. I was not provided with public records that were readily available and necessary for my defense. I was denied the opportunity to bring my expert witnesses. They tampered with my witnesses and even my hearing committee representative was replaced without my approval. Lastly, none of the timelines for completion of the hearing process were followed.
7. Multiple Board policies have been violated and information has been kept from the Board for years that could have avoided the 2013 incident. These include and are not limited to: untimely notifications to employees per Board policy, untimely responses to grievances per policy, denial of due process in employee hearings and blatant lies and deception meant to confuse and misinformed the Board.
Attached you will find my first attempt at answering all accusations presented to me last Thursday evening.
Attached also is a signed  letter from Martin Gang, Assistant Vice Chancellor Information Technology Yosemite Community College Distric.  Mr. Gang was an Assistant Director in ITS in 2011 when the security incident happened. He was a member of the team that investigated the incident. The letter attached shows the Governing Board what truly happened in 2011 and who was responsible for what. The letter also validates the fact that I was never privileged to the Stach and Liu report in 2011 as directed by Mr. George Kahkejian. It is clear that Mr. Kahkejian kept me from accessing a critical piece of information that is now being used against me.
Finally, I am attaching a letter with emails back and forth between MCCCD lawyers and my lawyer regarding the hearing and lack of due process. Here you will see our attempts are obtaining public records, our efforts at identifying witness and the complete lack of cooperation and understanding by the District lawyers and the Chair of the Hearing Committee.
I have been working none-stop since Friday to compile the response to the hearing committee findings. It is not at the professional level that it needs to be and I truly apologize for any formatting or spelling errors.  I decided to focus on content rather than aesthetics. I was literally given no time to respond to any of the accusations and findings that were presented to me last Thursday. This is my best effort given the short notice to defend myself against wrongful termination. MCCCD took months to deliver this document to me and gave me only a couple of days to respond to it. I only found out about my potential termination by reading the Board agenda. No one ever told me that I was going to be terminated at the next Board meeting.
Please consider my request to remove this item from the agenda on Tuesday for the reasons listed above and allow me a fair chance at presenting my case to you directly. I would be glad to answer any questions you may have for as long as necessary so this Board can make an informed decision and protect the future of the organization.My commitment is and has always been to MCCCD faculty, staff and students.
I encourage the Board to own their own findings, ask questions and consider the input and testimony of more than just the District Administration.  If the Board fails to make this investment, they leave themselves open for litigation and the courts and law firms will tear us apart.
I am requesting to go into Executive Session with the Board at some point in the future, if I am indeed being recommended for termination at the next meeting. 
Please let me know so I can plan accordingly.
Respectfully submitted,
Miguel Corzo


Miguel Corzo responds to Hearing Termination Recommendation


Leave a Reply