33.9 F
Fort Worth
Monday, November 30, 2020
Government Council Report: Update on data security addresses lawsuit by former employee

Council Report: Update on data security addresses lawsuit by former employee

Other News

Tarrant County DA’s office changing how it handles misdemeanor marijuna cases

The Tarrant County Criminal District Attorney’s Office is changing how it handles misdemeanor marijuana cases. The Tarrant County  Criminal District Attorney’s Office on Monday, Nov....

Arlington selects new police chief from Baltimore department

Col. Al Jones, a 25-year veteran of the Baltimore County Police Department, has been appointed the new police chief of the the City of...

Family of Black woman shot through window sues Texas officer

FORT WORTH, Texas (AP) — Family members of a Black woman who was killed when a white police officer fired through a window of...

Law firm offers free estate plans for health care workers during pandemic

Fort Worth attorney Erik Martin says he felt compelled to find a way for his law firm to join the effort to support frontline...

Fort Worth Chief Technology Officer Kevin Gunn presented the city council with an update on data security during the May 21 work session, along with addressing the recent lawsuit filed by a former employee.

“A lot of time, effort, energy, funding is invested in protecting these valuable resources,” Gunn said. “I can’t emphasize enough that we take it seriously and work 365 days a year.”

The whistleblower lawsuit, as it has become known, was filed in Dallas County on May 15. In it are allegations of numerous information security deficiencies:

*Hackers stole $515,000.

*Sensitive employee information on Internet accessible networks.

*Improper access to Criminal Justice Information Systems (CJIS) and falsification of CJIS compliance information.

*Protection of credit card data.

A former employee has claimed termination due to reporting of these items.

Gunn addressed each of the allegations independently. Here is his report:

Allegation: Hackers stole money.

*City and Imperial Construction where victims of a phishing email in October 2017.

*Accounts Payable staff received email and did not follow established procedure

*$693,625.77 sent to fraudulent account in October 2017 ($48,000 recovered).

*Reported to Fort Worth Police Department in January 2018, once notified by Imperial of non- payment.

*Reported to external auditor for review of controls; reviewed for employee fraud and deemed immaterial for final report.

*Council approval on April 3, 2018 for Risk Fund appropriation to cover the loss.

*Arrest made in May 2018.

*Direct deposit information for six employees was changed.

*Suspect, phishing email source.

*Payments of $16,007.35 were misdirected to a prepaid card account by scammers.

*Payroll staff notified FWPD in May 2018.

*Additional review procedures implemented for changes to banking information was put in place for all instances.

Allegation: Sensitive employee information accessible on the Internet.

*IT Solutions notified September 2018.

*Source was a third-party, supplemental benefits vendor web portal.

*The city notified the vendor, who immediately added additional authentication requirements.

*No indications that employee information was improperly accessed or released.

*Web portal does not display Social Security number, but employees can add dependent information.

Allegation: Improper access and falsified CJIS information.

*City received letters of compliance for all of the past CJIS audits, with the most recent in January.

*ITS staff met with FWPD command staff in May/June 2018 to implement plan to tighten CJIS compliance.

*Police identified ITS staff with access rights to CJIS, but no related job responsibilities.

*ITS performed updated background investigations of all staff and took appropriate action, continuing to review.

*Employee who filed whistleblower suit was tasked to mitigate the computer access issue.

*One incident of improper access by disqualified staff, report filed with DPS.

Allegation: Failed to protect credit card information.

Payment Card Industry Data Security Standards:

*In 2018 the city moved from Level 3 to Level 2 based on transaction volume.

*Water department is compliant; remainder of the city is compliant at Level 3, but not at Level 2.

*Followed normal process to submit a plan to be compliant by October.

*Quarterly progress reports, now monthly reports.

Going forward, Gunn noted the Data Security Program has:

*Placed an emphasis on reasonable approach to protecting city systems.

*Increased team to four staff.

*Turnover brought new staff to the team.

*Increased funding over the past three years.

*Upgraded systems and software.

*Added new protection measures.

District 4 Councilman Cary Moon said of the allegations and the report, “My concerns are the errors out there in the public sentiment that are not correct, the perception that we as a mayor and council are not transparent, and then to really make sure we as an organization have corrected some simple errors in our controls that should not have been made.”

Gunn also noted that, like most systems, Fort Worth’s is under constant attack. He said in the past 90 days the system:

*Blocked 456,900 attempted vulnerability exploits from the Internet.

*Blocked 17,400 HTTP brute force attempts on web applications.

*Blocked 33,400 Spyware downloads.

*Blocked 17,980 virus downloads.

*Blocked 10,200 attempts from users browsing malware hosting sites.

In the past 30 days, the system:

*Detected 106 malware downloads.

*Blocked 352 phishing campaigns.

*Investigated two potential data leaks comprising of 413 credentials.

*Investigated one potential brand protection case.

“The large majority of errors we’ve seen are human errors,” Mayor Betsy Price said. “You’ve got good protection in place, and it’s hard to stop those.”


close






Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox.

We don’t spam! Read our privacy policy for more info.

Latest News

Congress returns with virus aid, federal funding unresolved

WASHINGTON (AP) — After months of shadowboxing amid a tense and toxic campaign, Capitol Hill’s main players are returning for one final, perhaps futile,...

JRB Fort Worth chosen for main operating base for C-130J aircraft

Naval Air Station Joint Reserve Base Fort Worth has been selected as a main operating base for eight C-130J aircraft at the 136th Airlift...

Holiday trends to watch: Adult Play-Doh; stores that ship

NEW YORK (AP) — The pandemic is turning this into a holiday shopping season like no other. Toy companies are targeting stuck-at-home grown-ups with latte-smelling...

Tarrant County DA’s office changing how it handles misdemeanor marijuna cases

The Tarrant County Criminal District Attorney’s Office is changing how it handles misdemeanor marijuana cases. The Tarrant County  Criminal District Attorney’s Office on Monday, Nov....

Arlington selects new police chief from Baltimore department

Col. Al Jones, a 25-year veteran of the Baltimore County Police Department, has been appointed the new police chief of the the City of...