It has come to the attention of information security analysts that the state of Texas had a major security breach earlier this month. Fortunately, the state's consistent use of encryption technology meant that the worst consequences of such a breach were avoided.
The breach involved the accidental disclosure of full social security numbers for more than 6 million voters in the state. The numbers were released as part of a discovery process due to a court case involving the voter ID law in Texas. Attorneys challenging the law were provided with six different disks full of information. The office of Greg Abbot, the Attorney General for the state of Texas, believed that the Social Security numbers had already been truncated so that the data would contain only the final four digits of each number. Instead, for about half of the 13 million records contained on the disks, the voters' full Social Security numbers were on display.
The lawyers receiving the information notified the state at once and stopped their review of information in the database.
The breach could have been much more serious. Because all data on the disks in question was properly encrypted, the numbers were available only to those who held the encryption keys and could therefore be authenticated as empowered to see and use the data. Had the data not been encrypted, it would have been possible for those with no interest in the case to learn millions of pieces of personally identifiable information.
Small and medium-sized businesses should view this as a cautionary tale about the effectiveness and importance of encryption. IT solutions that provide encryption can be installed and maintained as part of a managed programs model for IT support.