Court asked to force MCCCD to turn over security breach documents

The law firm of Gallagher and Kennedy, on their own behalf, filed a Motion to Show Cause in Maricopa County Superior Court last week against Maricopa County Community College District for documents they requested in January. In preparation for filing a class action, the firm had requested the documents related to the District’s security breach, which exposed the personal information of 2.5 million current and former students and employees.

Gallagher and Kennedy advise the Court that the District refused to turn over even a single document. “This is stonewalling, pure and simple.”

An emergency hearing is requested as a result of District Administration’s refusal to turn over public records regarding the recently revealed security breach.

Many believe that the records will show that the Administration was warned by employees after a 2011 breach that the main Maricopa web servers were vulnerable. In November of 2013, the District finally disclosed, a full seven months after a massive breach earlier in the year, that 2.5 million current and former students and employees’ personal information including names, addresses, and social security numbers was reported to have been accessed by hackers.

According to the Motion, “The details remain murky, to say the least. It turns out that the District had been keeping this confidential information in its system for decades, and the FBI had discovered all of it available for sale on the Internet back in April 2013. Even worse, although the District did not tell the victims, it turned out that there had been a similar breach in 2011, and experts at the time had identified serious vulnerabilities that the District chose not to address.”

The law firm argues in the Motion notes that the case is “anything but routine. At issue is a public agency’s effort to stonewall discovery of the truth regarding the events that led to at least fourteen of its databases being available for purchase on the Internet – databases that together amounted to a gift-wrapped package for identity thieves the world over.”

The law firm concludes, “To call this a matter of public importance would be a gross understatement, and the District’s conduct in failing to turn over even a single document is outrageous.”

What is more outrageous?

Community college advocates say what is more outrageous is the apparent lack of action by the District’s Governing Board. They say that the Board’s failure to demand an open and transparent process and failure to demand an investigation into employees’ claims by the District’s Chancellor Glasper is eroding the public’s trust and support for the District.

The powers and the duties of the Governing Board include “holding the chancellor accountable for successful achievement of outcomes …,” according to state law.

That lack of trust can and most likely will result in an inability to pass bonds and adequately fund District projects. Those projects, MCCCD Administration say, are desperately needed to ensure future data security. However, critics look to that past performance and say that under the current leadership, security was never a priority, unless of course you were talking about “administrators’ job security.”

They are concerned about the bond ratings because of the liabilities incurred by the Administration’s mishandling of the situation, which has reduced the general fund through the use of very expensive consultants.

Is institutional knowledge at risk?

Some of those consultants were called in to notify students and employees of the breach, and others were used to work in the District’s IT department.

As a result of the decision to bring in consultants rather than work with the staff that first identified the problem and tried to get the District to take appropriate steps to prevent the 2013 breach, morale is very low across the District. Institutional knowledge has been all but purged, and productivity sinks lower while consultant costs rise at astronomical rates.

What about the students?

Student advocates worry that financial aid could be impacted if the District loses its accreditation due to the Board and Administration’s failure to act an extensive list of mismanagement use of bond funds.

While that outcome is unlikely given the wide berth accreditation organizations give to distressed institutions, it is certain that students will see an increase in tuition as a result of the District’s failures.

The high costs of consultants will surely be passed on to students. The costs of expected lawsuits by employees and students will come out of the General Fund and must be replaced somehow. The District will likely lose students, too.

It has already lost the top two IT executive consultants it brought in to correct the situation. Reportedly, one of them threw up his hands in disgust with what he found.

Is the MCCCD Governing Board listening?

Several Governing Board members seem to be disturbed by the situation. They seem to recognize their responsibility for preserving the public’s trust. However, it is unclear if they are aware but do not understand their role as the public’s representatives, or if they are simply afraid to rock the Chancellor’s boat.

Either way, community members are considering a recall of the Governing Board if they do not publicly call for accountability and hold the Administration responsible. So far, they seem content to grimace or hold their heads in their hands during Governing Board meetings and not much more.

Is anyone taking action?

Student advocates are encouraging others to attend the next Governing Board meeting to demand that the Board fulfill their responsibilities to the students and the general public. Also, a group of citizens have created an online petition calling for immediate action at http://www.change.org/petitions/public-audience-demand-transparency-from-mcccd-sign-the-petition-2

Related articles:

MCCCD Governing Board called on to fire Chancellor

MCCCD ignored employees warnings, security breached

MCCCD policies ignored by Glasper, staff

To learn more visit www.maricopabreach.com