Maricopa Security Breach

The rest of the story

By

MCCCD Governing Board Elections 2014 – Maricopa Breach

New Directions for Maricopa Community College District

Written by Johanna Haver and Jean McGrath – Opinion Editorial

It is time for the Maricopa County Community College District to pursue a new direction – one of fiscal responsibility and transparency – both sadly lacking under the leadership of MCCCD Chancellor Rufus Glasper and the current MCCCD governing board members.  

Over the past ten years, the college district has increased tuition 63% and property taxes to .128+%, which amounts to $128 per $100,000 valuation of a home.  The budget for 2014-15 is in excess of $1.8 billion – considerably more than the yearly budget for the entire City of Phoenix which is at $1.2 billion.  Moreover, Glasper plans to ask the MCCCD Governing Board to increase tuition again in January to pay for a budget that will likely exceed $2 billion.
|
MCCCD Governing Board - Maricopa Security Breach

According to a 2011 investigative report by the Goldwater Institute, less than 44% of the MCCCD general fund goes toward instruction. Moreover, that amount has been reduced in recent years, despite repeated directives from the board to cut administrative costs.  In comparison, Arizona’s K-12 schools spend 56% on average for instruction.

Other MCCCD expenses include lobbyists and a political advisor who rake in more than $1 million per year.  Administrative travel has been estimated at $5.3 million. The recent information technology breach fiasco, for which Glasper has fired a whistleblower and denied any wrongdoing himself, is costing the taxpayers $18 million and climbing. 
Read More

By

Wrongful employee termination – MCCCD Security Breach

Attached is the response to the Chancellor’s recommendation to terminate Mr. Miguel Corzo’s employment.
The letters below were sent to the Governing Board in response to the upcoming Board meeting.

The MCCCD Administration is accusing Mr. Corzo of not doing a job that wasn’t his to do, being responsible for systems he wasn’t supposed to be responsible for, knowing about a document that was never shared with him, not communicating upwards when he repeatedly did so, and not doing enough during an incident in 2011 when he was onsite, working with his staff and others to help MCCCD address a small security breach.  In 2013 when the second and larger breach took place, Mr. Corzo was no longer assigned to any supervisory or database duties.

The ERPs at MCCCD that Mr. Corzo was responsible for were never compromised in 2011. A small database residing on the main maricopa webservers was compromised.  This database was the responsibility of the marketing department and the network and server team at MCCCD not Mr. Corzo’s team.
It is not what happened in 2011 that matters as much as what the Administration did after 2011 and before the 2013 incident. The 2011 incident was indeed minor.  Nothing really happened of any significance. The Administration simply ignored or decided to take a chance on documents provided to them that clearly stated that something had to be done to repair our systems after a minor breach.  That was a calculated risk that unfortunately had serious consequences and no one in the Administration wants to be responsible for. Mr. Corzo warned the Administration multiple times with 12 letters, including 3 emails regarding an IT grievance that clearly stated that MCCCD was at great risk of exposing personal data. Mr. Corzo followed every process in place. He gave the Chancellor more than enough time to at least meet with him to discuss his concerns.  Nothing ever happened and MCCCD is now facing their biggest legal battle in their history and the highest attrition levels in IT ever. Not only that, the Administration is using the very same employees that tried to help MCCCD as scapegoats.

Read More

By

Grievance escalated to Board – MCCCD still at risk

The email below was recently sent to the MCCCD Governing Board.
Its purpose was to escalate the IT Grievance that could have prevented the 2013 breach to the attention of the MCCCD Governing Board.

Chancellor Glasper never responded to this Grievance.  By policy, Dr. Glasper had 10 days since initial filing (10/2012) to address the issues in the grievance.  Over a year has passed and no answer has been received by employees.

In addition to MCCCD policy violations, employee’s First Amendment Rights have been violated.   The right to petition government for redress of grievances is the right to make a complaint to, or seek the assistance of, one’s government, without fear of punishment or reprisals.  Several employees who filed this grievance have been forced to retire early or are now being terminated by MCCCD.

_______________________________________________________________
ITS Grievance redacted

Date: Wed, Apr 9, 2014 at 7:47 PM
Subject: Escalation of ITS Grievance to Governing Board Members
To: doyle.burke@domail.maricopa.edu, alfredo.gutierrez@domail.maricopa.edu, randolph.lumm@domail.maricopa.edu, debra.pearson@domail.maricopa.edu, dana.saar@domail.maricopa.edu

Members of the Board,

 
Per MAT policy, we are now escalating the attached employee grievance to you, the MCCCD Governing Board.
Read More

By

New article on MCCCD Security Breach and lawsuit

Here is extensive coverage on the lawsuit recently filed and other information related to the MCCCD security breach. The entire lawsuit is available for download

http://www.databreaches.net/maricopa-county-community-college-district-sued-to-compel-public-records-production/

databreach

By

New Article – MCCCD Policies Ignored by Glasper

Here is another link to an article publish by the Arizona Daily Independent on MCCCD policies “MCCCD policies ignored by Glasper” that were not properly addressed by the organization.

http://www.arizonadailyindependent.com/2014/03/03/mcccd-policies-ignored-glasper-staff/

This article focuses on a grievance filed buy (6) IT employees in 2012 and the lack of response from the Maricopa Community College District administration.  The grievance is an official MCCCD document filed by the Presidents of two employee groups at MCCCD on behalf of the IT staff. A prompt response to this grievance by the Administration could have prevented this incident, according to the article.

Are people asking the right questions regarding this incident?  Does it make sense for MCCCD to risk its reputation over a security incident like this?  Who is running the organization?

By

MCCCD Board called on to fire Chancellor

Check out this new article posted by the Arizona Daily Independent.
It contains footage of the 2/25/14 Governing Board Meeting where citizens called for the Chancellor to be fired.

MCCCD Board called on to fire Chancellor

By

Resources for MCCCD security breach

If you are following this case, here are a few resources to help you understand the 2013 MCCCD security breach:

Please feel free to post comment and other resources as needed regarding the MCCCD security breach.

We would like to hear from you any thoughts, suggestions or other information you may have available on this case.  Please leave a comment or contact us privately.