67°F
weather icon Clear
Las Vegas, NV
Nevada

State agency audit withheld to protect sensitive data after security lapses found

Nevada State Capitol file photo (Amadscientist/Wikimedia Commons)
More Stories
Former President Donald Trump speaks to a crowd at a caucus night watch party hosted by the Tru ...
Trump campaign, RNC, Nevada GOP challenge state law on mail ballots
‘I will kill you’: Witness tells grand jury Rodimer threatened, attacked alleged victim
Stan Colton, seen in March 2010. (Las Vegas Review-Journal)
Stan Colton, former Nevada state treasurer, justice of peace, dies at 85
DMV upgrade could cost Nevada extra $300M amid rollout woes
By SANDRA CHEREB LAS VEGAS REVIEW-JOURNAL
October 19, 2016 - 3:58 am
 

CARSON CITY — Auditors delayed release of a report detailing security vulnerabilities in state databases to protect the information of tens of thousands of current and former state employees and their beneficiaries, a legislative committee was told Tuesday.

Douglas Peterson, information systems audit supervisor, told the Legislative Audit Subcommittee it was the first time he can recall in 20 years with the state that a decision was made to withhold an audit until problems are fixed.

The audit of the Department of Administration’s Human Resource Management division revealed sensitive personal records were stored unencrypted in databases and the accounts of some former employees were not disabled, potentially allowing unauthorized access to information.

Also, computers used by division staff and some servers lacked adequate virus protection and were missing operating system security upgrades. Hard drives of photocopiers also were not being routinely erased, the audit found.

Patrick Cates, Department of Administration director, said there was no breach of sensitive information and that steps have been taken to close the security gaps.

“This audit was an eye-opener,” Cates said.

Auditors found one unprotected database contained Social Security numbers of more than 145,000 current and former state employees and their beneficiaries. They also identified 42 computer accounts of ex-employees that had not been disabled. Of those staffers, 31 left the agency more than a year ago and one had been gone almost a decade.

Human Resources Management wasn’t the only agency with computer security problems. A separate audit found similar vulnerabilities at the Nevada Department of Wildlife, where 43 laptop computers used by game wardens contained confidential, unencrypted information, including credit card numbers. Additionally, all of the department’s 17 servers lacked virus protection software, making them vulnerable to malware.

State Sen. Ben Kieckhefer, R-Reno, chairman of the subcommittee, questioned how such security lapses could occur, given that many agencies have their own information technology staff and the state has a central unit, Enterprise Information Technology Services, to coordinate information technology issues and provide support to agencies that lack designated staff.

In the case of the administration databases, Enterprise Information Technology Services support staff were unaware of a requirement to encrypt information, the audit said.

The audit also found a lack of communication between the Human Resources division and Enterprise Information Technology Services and noted the need for agreement on what technology services Enterprise Information Technology Services will provide.

Contact Sandra Chereb at schereb@reviewjournal.com or 775-461-3821. Follow @SandraChereb on Twitter.

Don't miss the big stories. Like us on Facebook.
THE LATEST
MORE STORIES
recommend 1
Israel and Ukraine: Where Nevada GOP Senate candidates stand on foreign aid
recommend 2
EDITORIAL: How to burn tax dollars and have little to show for it
recommend 3
CARTOON: This is why you don’t hate the IRS enough
recommend 4
EDITORIAL: DMV computer upgrade runs into more snags
recommend 5
Vegas luxury embraces green homebuilding
recommend 6
Savvy Senior: What to know about all-inclusive retirement communities