Ex-Sheriff: Mesa County Website Breach Could Endanger People
Confidential Law Enforcement Records Accidentally Posted On Website For Months
Last Updated: 1105 days ago
Police informants names and home addresses of sheriffs deputies are among a mountain of confidential information accidentally posted on Mesa Countys public website for seven months, authorities said.Now Sheriff Stan Hilkey and top county administrators are scrambling to notify as many as 200,000 people whose names appear in the Sheriffs Office records management system that their information could have been compromised, the Grand Junction Daily Sentinel reported Friday.Officials said they dont know how many peoples files were publicized in the breach of more than 20 years of personal and investigative law enforcement records.My flush reaction is its obviously a cyber disaster, former Sheriff Riecke Claussen told the Sentinel. I think that, obviously with the type of information that the sheriffs office deals with, that security of information is of top concern.Claussen, who worked for the sheriffs office for 32 years, said the release of private information could be a life-threatening situation for people who have been involved in law-enforcement investigations and called the potential compromise of criminal investigations frightening.The files posted on the website featured included names of confidential informants, e-mails about crime victims and homicide investigations, the newspaper said. They also included personal details about sheriffs employees: home addresses, names of employees spouses and children and schools the children attend.Comprised information could include records from the Fruita Police Department since 2002 and the Palisade Police Department since 2007, because those agencies have used the sheriff record-management system on a limited basis during those years, county officials said.In a Friday statement titled Protect Yourself (Data Breach Update), county officials said, "Anyone concerned about their information possibly having been compromised should ask the credit bureau to set up a fraud alert on their account."While many people may not be in the database that was exposed, we think its better to be proactive, said Acting Mesa County Administrator Stefani Conley. We urge anyone who thinks theres a chance that their personal information might be involved to take action.This is a good first step toward preventing identity theft, which occurs regularly, Hilkey added. Its one phone call. Its always a good idea to take the time to protect yourself.Hilkey said his agency has notified confidential informants about what happened.Authorities told the Sentinel an employee in the countys Information Technology Department in April accidentally loaded the files onto what he believed was an encrypted county server. The employee was working on a project integrating computer databases between Grand Valley law-enforcement agencies.Instead, the information was posted on the countys public website, the newspaper said. Authorities later learned someone outside the county first accessed data on the website Oct. 30. The site wasnt taken down until Nov. 24, when an individual found their name mentioned in the files while searching the Internet and notified authorities.The longtime information technology employee, whom the sheriffs officials wouldnt name, no longer works for the county, the Sentinel said.Hilkey said the data was accessed multiple times from local, national and international computers, the newspaper said. But authorities are struggling to assess the magnitude of the break, including exactly how many people have obtained the information and how much of it remains online.