Maricopa Security Breach

The rest of the story

MCCCD kept Oracle security reports from staff

The truth no one ever heard until now!
Oracle Security Report Not Shared

It looks like people with inside information into the Security Breach at MCCCD are now starting to disclose new information to the media that was never shared before. This recent post by Databreaches.net points to MCCCD hiding information (Oracle Corp. security assessment) from its own employees and the public for plausible deniability in litigation. Critical vendor reports were never shared with the staff in 2008, 2011 and 2013.

http://www.databreaches.net/did-mcccd-leadership-shut-their-eyes-to-a-database-security-assessment-for-plausible-deniability-in-litigation/

Millions are being spent defending against the largest security breach in the history of higher education. All of it could have been avoided had the MCCCD Administration shared with its own staff the technical reports from Oracle that it knew about. The identities of several million people have been stolen when, according to the report from Databreaches.net, the organization withheld critical information that could have prevented it. Furthermore, this information from Oracle Corp. may still be an internal secret to most of the employees at MCCCD who are trying to secure the system after the 2013 breach.

Wrongful employee termination – MCCCD Security Breach

Attached is the response to the Chancellor’s recommendation to terminate Mr. Miguel Corzo’s employment.
The letters below were sent to the Governing Board in response to the upcoming Board meeting.

The MCCCD Administration is accusing Mr. Corzo of not doing a job that wasn’t his to do, being responsible for systems he wasn’t supposed to be responsible for, knowing about a document that was never shared with him, not communicating upwards when he repeatedly did so, and not doing enough during an incident in 2011 when he was onsite, working with his staff and others to help MCCCD address a small security breach.  In 2013 when the second and larger breach took place, Mr. Corzo was no longer assigned to any supervisory or database duties.

The ERPs at MCCCD that Mr. Corzo was responsible for were never compromised in 2011. A small database residing on the main Maricopa web servers was compromised. This database was the responsibility of the marketing department and the network and server team at MCCCD, not Mr. Corzo’s team.
It is not what happened in 2011 that matters as much as what the Administration did after 2011 and before the 2013 incident. The 2011 incident was indeed minor. Nothing really happened of any significance. The Administration simply ignored, or decided to take a chance on, documents provided to them that clearly stated that something had to be done to repair our systems after a minor breach. That was a calculated risk that unfortunately had serious consequences, and no one in the Administration wants to be responsible for it. Mr. Corzo warned the Administration multiple times with 12 letters, including 3 emails regarding an IT grievance that clearly stated that MCCCD was at great risk of exposing personal data. Mr. Corzo followed every process in place. He gave the Chancellor more than enough time to at least meet with him to discuss his concerns. Nothing ever happened, and MCCCD is now facing the biggest legal battle in its history and the highest attrition levels in IT ever. Not only that, the Administration is using the very same employees that tried to help MCCCD as scapegoats.

MCCCD – The Year of Living Dangerously | Under New Management

Here is a new article on the history of the MCCCD security breach, the cost of the failure to respond and the current state of affairs.

http://www.arizonadailyindependent.com/2014/04/29/mcccd-data-breach-saga-continues-costs-mount/

Today, 4/29/2014, Earl Monsour is being deposed at the Gallagher and Kennedy Office in Phoenix, AZ. The deposition may last a couple of days, if not longer. This is just the beginning: he is one of hundreds of individuals who will have to be deposed. Lawyers and more lawyers (9-10 today only) are involved at an hourly rate of approximately $300+/hr, a bill MCCCD will end up paying with taxpayer dollars if they lose these cases in court.

MCCCD lawyers are working around the clock trying to hide the truth from the public, hoping that a judge will support the complete lack of transparency of a publicly funded institution. A few days ago, the Governing Board approved a $3 tuition increase to generate millions of dollars of new revenue. Students who already registered and paid for their Fall semester will receive a new bill and hopefully not be dropped from classes when MCCCD runs their dreaded ‘purge’. New students will need to pay a bit more if they want to attend. All of this while MCCCD sits on top of a large sum of cash totaling nearly $500 million (see The Bulging Cash Hoard at MCCCD). It begs the questions: Who is the MCCCD Governing Board serving? What is the mission of the institution? Why are you asking for more money when you have so much? Are you trying to keep that infamous bond rating at the expense of the community?

MCCCD sued over public records | Maricopa Security Breach

MCCCD sued by local law firm over public records. Recent articles on the front page of the Arizona Republic, Arizona Daily Independent and Databreaches.net tell the story.

This entire incident could have been avoided had Dr. Glasper and the District Administration taken action on a simple internal grievance document filed by employees back in 2012 to alert the District of the security issues. Policies were ignored by Glasper. The Administration ignored letter after letter from concerned employees like Teresa Toney (Public Stewardship), Kerry Mitchell and Cecilia Quiroz (Presidents of employee groups), IT employees, community members and former employees who tried to raise flags before they left. Read the entire chronology of events here.

Demand transparency from MCCCD and sign the online petition.

Millions in taxpayer dollars and employee time are now going towards handling the mismanagement of this situation. Employees are leaving the organization and MCCCD faces heavy penalties and expensive lawsuits.

MCCCD employees denied due process | Security Breach

Maricopa Community College District (MCCCD) employees are being denied legal rights to due process by the MCCCD Administration and the hearing committee. MCCCD refuses to comply with employee requests for access to public records in order to defend themselves in a public hearing. Lawsuits are now being filed in court to resolve this matter. MCCCD employees have not received ‘a single’ document since their records request was made months ago. Furthermore, MCCCD appears to have failed to notify their employees of the records request, as requested, in order to preserve evidence. Recent articles on the front page of the Arizona Republic, Arizona Daily Independent and Databreaches.net tell the story.

The following string of emails represents communications between Mr. Galvan and the hearing committee at MCCCD handling the security breach. Additional communication between these two parties will take place this week. We will post the information as it becomes available. Stay tuned!

Demand transparency from MCCCD and sign the online petition.

Observations:

  • When an educational institution is not transparent with the public, it is safe to assume that they have something to hide.
  • The matter of the public records request is now in court, and Mr. Lee Combs, legal counsel for MCCCD, is being sued for MCCCD's refusal to turn over public records. Other lawsuits are on the way.