Court asked to force MCCCD to turn over security breach documents

The law firm of Gallagher and Kennedy, on their own behalf, filed a Motion to Show Cause in Maricopa County Superior Court last week against Maricopa County Community College District for documents they requested in January. In preparation for filing a class action, the firm had requested the documents related to the District’s security breach, which exposed the personal information of 2.5 million current and former students and employees.

Gallagher and Kennedy advise the Court that the District refused to turn over even a single document. “This is stonewalling, pure and simple.”

An emergency hearing is requested as a result of District Administration’s refusal to turn over public records regarding the recently revealed security breach.

Many believe that the records will show that the Administration was warned by employees after a 2011 breach that the main Maricopa web servers were vulnerable. In November of 2013, the District finally disclosed, a full seven months after a massive breach earlier in the year, that 2.5 million current and former students and employees’ personal information including names, addresses, and social security numbers was reported to have been accessed by hackers.

According to the Motion, “The details remain murky, to say the least. It turns out that the District had been keeping this confidential information in its system for decades, and the FBI had discovered all of it available for sale on the Internet back in April 2013. Even worse, although the District did not tell the victims, it turned out that there had been a similar breach in 2011, and experts at the time had identified serious vulnerabilities that the District chose not to address.”

The law firm argues in the Motion notes that the case is “anything but routine. At issue is a public agency’s effort to stonewall discovery of the truth regarding the events that led to at least fourteen of its databases being available for purchase on the Internet – databases that together amounted to a gift-wrapped package for identity thieves the world over.”

The law firm concludes, “To call this a matter of public importance would be a gross understatement, and the District’s conduct in failing to turn over even a single document is outrageous.”

What is more outrageous?

Community college advocates say what is more outrageous is the apparent lack of action by the District’s Governing Board. They say that the Board’s failure to demand an open and transparent process and failure to demand an investigation into employees’ claims by the District’s Chancellor Glasper is eroding the public’s trust and support for the District.

The powers and the duties of the Governing Board include “holding the chancellor accountable for successful achievement of outcomes …,” according to state law.

That lack of trust can and most likely will result in an inability to pass bonds and adequately fund District projects. Those projects, MCCCD Administration say, are desperately needed to ensure future data security. However, critics look to that past performance and say that under the current leadership, security was never a priority, unless of course you were talking about “administrators’ job security.”

They are concerned about the bond ratings because of the liabilities incurred by the Administration’s mishandling of the situation, which has reduced the general fund through the use of very expensive consultants.

Is institutional knowledge at risk?

Some of those consultants were called in to notify students and employees of the breach, and others were used to work in the District’s IT department.

As a result of the decision to bring in consultants rather than work with the staff that first identified the problem and tried to get the District to take appropriate steps to prevent the 2013 breach, morale is very low across the District. Institutional knowledge has been all but purged, and productivity sinks lower while consultant costs rise at astronomical rates.

What about the students?

Student advocates worry that financial aid could be impacted if the District loses its accreditation due to the Board and Administration’s failure to act an extensive list of mismanagement use of bond funds.

While that outcome is unlikely given the wide berth accreditation organizations give to distressed institutions, it is certain that students will see an increase in tuition as a result of the District’s failures.

The high costs of consultants will surely be passed on to students. The costs of expected lawsuits by employees and students will come out of the General Fund and must be replaced somehow. The District will likely lose students, too.

It has already lost the top two IT executive consultants it brought in to correct the situation. Reportedly, one of them threw up his hands in disgust with what he found.

Is the MCCCD Governing Board listening?

Several Governing Board members seem to be disturbed by the situation. They seem to recognize their responsibility for preserving the public’s trust. However, it is unclear if they are aware but do not understand their role as the public’s representatives, or if they are simply afraid to rock the Chancellor’s boat.

Either way, community members are considering a recall of the Governing Board if they do not publicly call for accountability and hold the Administration responsible. So far, they seem content to grimace or hold their heads in their hands during Governing Board meetings and not much more.

Is anyone taking action?

Student advocates are encouraging others to attend the next Governing Board meeting to demand that the Board fulfill their responsibilities to the students and the general public. Also, a group of citizens have created an online petition calling for immediate action at http://www.change.org/petitions/public-audience-demand-transparency-from-mcccd-sign-the-petition-2

Related articles:

MCCCD Governing Board called on to fire Chancellor

MCCCD ignored employees warnings, security breached

MCCCD policies ignored by Glasper, staff

To learn more visit www.maricopabreach.com

2 Comments on "Court asked to force MCCCD to turn over security breach documents"

  1. It is offensive that this situation at MCCCD exists and Tom Horne and the Gov. are on the sidelines.

    A Governor and AG that recognize their duty would be on the look out for these types of crimes and would, w/o prompting start their own investigations.

    Tucson City Council and PBOS should also have been investigated, prosecuted and jailed by now by the state, and that will never occur, so MCCCD Governing Board will walk

    Next in the headlines, the Feds award MCCCD Governing Board, “Best CC in the Nation”, Governing Board sought for federal appointments.

    To what purpose is this headed? Someone is going to make a ton of money.

    Meanwhile, our communities and the nation deteriorate,,,,,,,this story occurs in every community in our nation.

    Their answer, “We can do anything we want to anyone we want”

  2. the same government that would like to ‘force you to sign up for medical care ‘for free of course’ – this is nothing more than re-auditing the data base for the new machines – with all signed up the live will be separated from the dead – the database updated – they will be able to impose more control(s) – the first update of this type was when Jimmy Carter said we needed to sign up so that the government wouldn’t loose on tax money owed to it from bank interest – the reality is ‘if you have a bank account your’ alive’ the entire base before was paper from the SS days of the 50’s – now with new super computers – with new super computer language – they need to ‘re-sign everyone for the next phase of 10,000 pages’ get ready here it comes.

Comments are closed.