Maricopa Security Breach

The rest of the story

Miguel Corzo speaks to Governing Board

The Governing Board voted on 7/22/2014 to terminate Miguel Corzo. The entire video of the Board meeting is now available here.  

Follow-up articles:
- The Arizona Daily Independent ‘MCCCD denies due process, fires whistleblower’
- Az Central ‘Maricopa Hacking Scandal: Same Old Excuses’
- Databreaches.net ‘MCCCD Breach: View from the underbus’
- 3 TV – AZ Family ‘School fires IT manager who warned of breach’

Board Members were operating with inaccurate and incomplete information

  • MCCCD refuses to call Mr. Corzo’s witnesses
  • MCCCD refuses to provide Mr. Corzo with public records
  • MCCCD had been breaking OML laws since April 2013
  • Board-established employee policies violated
  • Mr. Corzo’s civil rights and due process violated
  • Board Members silenced
  • MCCCD unwilling to provide any evidence to support their accusations
  • MCCCD Board Member misinformed about database ownership in Stach and Liu report. Not a single database was mentioned by name in that report.
  • Famous Stach & Liu report of 2011 was a 13-page PowerPoint pointing to network and security issues. All databases in the report resided on the compromised webservers only.
  • MCCCD ignores content of signed and dated IT Grievance that will hold up in Court.

Grievance escalated to Board – MCCCD still at risk

The email below was recently sent to the MCCCD Governing Board.
Its purpose was to escalate the IT Grievance that could have prevented the 2013 breach to the attention of the MCCCD Governing Board.

Chancellor Glasper never responded to this Grievance.  By policy, Dr. Glasper had 10 days since initial filing (10/2012) to address the issues in the grievance.  Over a year has passed and no answer has been received by employees.

In addition to MCCCD policy violations, employees’ First Amendment rights have been violated. The right to petition government for redress of grievances is the right to make a complaint to, or seek the assistance of, one’s government, without fear of punishment or reprisals. Several employees who filed this grievance have been forced to retire early or are now being terminated by MCCCD.

_______________________________________________________________
ITS Grievance redacted

Date: Wed, Apr 9, 2014 at 7:47 PM
Subject: Escalation of ITS Grievance to Governing Board Members
To: doyle.burke@domail.maricopa.edu, alfredo.gutierrez@domail.maricopa.edu, randolph.lumm@domail.maricopa.edu, debra.pearson@domail.maricopa.edu, dana.saar@domail.maricopa.edu

Members of the Board,

 
Per MAT policy, we are now escalating the attached employee grievance to you, the MCCCD Governing Board.

The Vice-Chancellor of IT knew about the breach – Letter to the organization

The MCCCD Administration has repeatedly said in the press that they did not know how extensive the 2011 breach was. They go on to say that they were never told how significant this breach was. Furthermore, they seem determined to blame the very same employees who warned them well in advance of the 2013 incident. The following letter was sent in March 2011 from Vice-Chancellor of IT George Kahkejian to the entire Maricopa Community. It appears that he was very well aware of the details, the magnitude, the involvement of a consulting firm and many other aspects of the investigation. It is hard to believe that the Chancellor did not see this email. It was sent to ALL MCCCD employees. It is hard to believe that Chancellor Rufus Glasper did not communicate with Mr. Kahkejian in a matter of such importance, where even the FBI was involved. The MCCCD Administration is in denial and looking for scapegoats. If only they had done what they said they would.

GeorgetoMaricopa2011 (1)
See timeline of events for this security breach from 2011 to 2014 

The Chancellor was informed of security risks – IT Grievance released

One of the best-kept secrets has finally been released by MCCCD to the media. There are others, but this one is important because it establishes that the MCCCD Administration (Rufus Glasper) was warned well in advance of the 2013 incident that security vulnerabilities existed and had not been addressed. ITS employees had to file an official grievance to let Chancellor Rufus Glasper and the Governing Board know that the identity of millions of people was at risk. The IT Grievance was sent to the Chancellor by then MAT (Union) representative Kerry Mitchell on behalf of IT employees in October 2013. Follow-up messages (to be posted later) were sent to Glasper, but no action on the grievance was ever taken.

ABC 15 reports in this TV story what they learned from the IT Grievance.

http://www.abc15.com/news/let-joe-know/report-employees-called-mcccd-servers-high-risk-in-complaint-to-district

14a – 10-2012 Email from Kerry and Cecilia to Dr Glasper on Grievance

ABC 15 Coverage – Maricopa County Community College security breach update: Workers told to turn over documents

Here is today’s News 15 coverage on the MCCCD security breach

http://www.abc15.com/news/let-joe-know/maricopa-county-community-college-security-breach-update-workers-told-to-turn-over-documents

MCCCD employees have received a letter from James Bowers, Interim VC of HR, requesting that documents be turned over to the District. Here is a brief synopsis:

1.  MCCCD has not provided employees access to records they need for their defense. It has now been nearly a month and a half since records were requested. The official records request sent to MCCCD in mid-January will be posted here shortly. No response or acknowledgment has been received from MCCCD.

2.  To make things worse, MCCCD now wants employees to return records they obtained via official records request regarding the security breach.

3.  Neither Mr. Corzo nor Mr. Monsour has any sensitive information about the MCCCD Network. At the time of the incident, the responsibility, access and knowledge of the MCCCD network rested with another Director in the organization. The harm has been done by MCCCD’s failure to act on information provided. The harm to MCCCD now goes beyond a security breach.

4.  The press has been stonewalled when it comes to records requests as well, and little or nothing has been provided. MCCCD claims that documents are confidential and cannot be provided due to the hearing, even though employees have waived their rights to confidentiality. We will post the letter from MCCCD here as well as the employee response.

New Article – MCCCD Policies Ignored by Glasper

Here is another link to an article published by the Arizona Daily Independent, “MCCCD policies ignored by Glasper,” on MCCCD policies that were not properly addressed by the organization.

http://www.arizonadailyindependent.com/2014/03/03/mcccd-policies-ignored-glasper-staff/

This article focuses on a grievance filed by six (6) IT employees in 2012 and the lack of response from the Maricopa Community College District administration. The grievance is an official MCCCD document filed by the Presidents of two employee groups at MCCCD on behalf of the IT staff. A prompt response to this grievance by the Administration could have prevented this incident, according to the article.

Are people asking the right questions regarding this incident?  Does it make sense for MCCCD to risk its reputation over a security incident like this?  Who is running the organization?

New article – Costs of MCCCD computer breach escalate

Here is a link to a new article by Mary Beth Faller in the AZ Republic regarding the MCCCD computer breach.

http://www.azcentral.com/community/phoenix/articles/20140301mcccd-computer-breach-costs-rise.html

Just a few months after the breach, legal costs are beginning to skyrocket.

MCCCD security breach costs

IT costs are also beginning to escalate as projects previously approved by the Board now need resources for implementation.

ITS is asking the Governing Board for additional funding to hire new IT staff.  It is unclear what happened to the ‘permanent dollars’ ITS had from the 40+ individuals who left the organization in the midst of the turmoil. Salary savings might have been used to hire consultants.

MCCCD Board called on to fire Chancellor

Check out this new article posted by the Arizona Daily Independent.
It contains footage of the 2/25/14 Governing Board Meeting where citizens called for the Chancellor to be fired.

MCCCD Board called on to fire Chancellor