Is it coincidence or providence that former state Auditor Brian Sonntag warned incoming Gov. Jay Inslee about outdated technology shortly before the state Administrative Office of the Courts discovered that computer hackers had accessed up to 160,000 Social Security numbers and 1 million driver’s license numbers?
Sonntag left office in late January and officials found the computer security breach in February. They believe it occurred some time between last fall and February.
It’s also interesting that state Auditor Troy Kelley released a new performance audit on May 8 revealing that the state’s financial management system is “fragmented, out-of-date technology” that “does not efficiently meet agency or state needs.”
Two days later, court officials announced the security breach and that hackers obtained at least 94 Social Security numbers.
According to an Associated Press report, court officials originally believed the hackers only accessed information already available as public record. They didn’t confirm the broader and more serious breach until April.
We question why it took state officials another month to inform the public?
Ninety-four Social Security numbers represent a small percentage of the 160,000 the hackers could have stolen — to be exact, 0.00059 per cent. But that is no comfort to those 94 individuals who could be caught in the nightmare of identity theft.
Both Kelley and Sonntag focused on a weakness in how the state manages its finances, urging the OFM to take broader responsibility over individual state agency budgeting and long-term financial planning. But they also found that outdated technology played a key role in creating the problems.
That creates weaknesses through which computer thieves can steal information.
Kelley’s office found that because of “the limitations of the primary and core systems, state agencies have implemented more than 100 redundant components, ranging from single Excel spreadsheets to stand-alone systems.” The audit estimates a price tag of $178 million to develop an integrated financial management system, with an eight-year return on investment.
The Legislature will not find that money in the next biennium’s operating budget, given the priority both parties have placed on K-12 education funding. But the $2.4 million the House, Senate and governor’s budgets set aside to review and plan a new technology solution doesn’t cut it.
State lawmakers should instead look to the capital budget, as the Washington Policy Center, and others, have suggested. That would move this essential reform forward more quickly, although bonding the short-term lifespan of computer software and hardware comes with its own set of risks.
However state lawmakers decide to finance the project, something must get done, and soon. With so much of citizens’ personal information residing within government databases and the rising tide of computer crimes, another and potentially more serious attack is inevitable.