The truth no one ever heard until now!
Oracle Security Report Not Shared
It looks like people with inside information into the Security Breach at MCCCD are now starting to disclose new information to the media that was never shared before. This recent post by Databreaches.net points to MCCCD hiding information (Oracle Corp. security assessment) from its own employees and the public for plausible deniability in litigation. Critical vendor reports were never shared with the staff in 2008, 2011 and 2013.
Millions are being spent defending against the largest security breach in the history of higher education. All of it could have been avoided had the MCCCD Administration shared with its own staff technical reports from Oracle they knew about. The identity of several million people has been stolen when according to the report from Databreaches.net, the organization withheld critical information that could have prevented it. Furthermore, this information from Oracle Corp. may still be an internal secret to most of the employees at MCCCD who are trying to secure the system after the 2013 breach.
In April 3rd, 2014, a few days after Miguel Corzo and Galvan (Corzo’s lawyer) left a hearing that had apparently been rigged to benefit the District Administration, conceal evidence from ever being made public and keep witnesses, including Rufus Glasper, from testifying, Mr. Galvan sent this letter to MCCCD.
From: Richard Galvan <email@example.com>
Date: Tue, Apr 8, 2014 at 4:58 PM
Subject: MCCCD Hearing
To: Lee Combs <firstname.lastname@example.org>, James Tucker <James.Tucker@wilsonelser.com>
Response to your email dated April 1, 2014
It is Mr. Corzo’s position that these proceedings are fatally flawed and, consequently he refused to participate in the March 31st hearing. The bases and reasoning for his position include:
1. The District’s unlawful refusal to provide Mr. Corzo with the public records he requested nearly 3 months ago pursuant to the Arizona Public Records Law.
2. In violating the law, the District not only failed to produce the documents, but it failed to provide Mr. Corzo, in accordance with the Arizona Public Records Law, with an index of all the public records subject to his requests along with the individualized reason why the District denied production of each paticular document.
MCCCD sued by local lawfirm over public records. Recent articles in the front page of the Arizona Republic, Arizona Daily Independent and Databreaches.net tell the story.
This entire incident could have been avoided had Dr. Glasper and the District Administration taken action in a simple internal grievance document filed by employees back in 2012 to alert the District of the security issues. Policies were ignored by Glasper. The Administration ignored letter after letter from concerned employees like Teresa Toney (Public Stewardship), Kerry Mitchell and Cecilia Quiroz (Presidents of employee groups), IT employees, community members and former employees who tried to raised flags before they left. Read the entire chronology of events here.
Demand transparency from MCCCD and sign the online petition.
Millions in taxpayer dollars and employee time are now going towards handling the mismanagement of this situation. Employees are leaving the organization and MCCCD faces heavy penalties and expensive lawsuits.