MI: Finger-pointing over Macomb County security breach
Chad Selweski has an update on a breach reported on PHIprivacy.net in October:
County officials and contractors continue pointing fingers over a massive security breach in September that opened the door to identify theft by inadvertently exposing the Social Security numbers and dates of birth of more than 6,000 Macomb County employees and their dependents on the Internet.
Commissioner Bob Smith said Thursday he is concerned various players are “trying to spread the blame to all kinds of places.”
“This seems like a scapegoat act to try and make it look like outsiders were at fault,” said the Clinton Township Democrat, who noted a worker involved in the error has since left county employment. Officials say he was not fired.
Meanwhile, one of two consulting contractors blamed for the mess has cried foul. In an email to The Macomb Daily, Automated Benefit Services said the county and an IT consultant, Technology Resource Management, or TRM, were the culprits.
“At no point has, or will, ABS take responsibility for this incident,” the company’s attorney said.
Read more on Macomb County Daily. The county’s purchasing policy was changed as a result of the breach.
PHIprivacy.net had noted in its previous coverage that the county had acknowledged to this site that the breach was neither at nor by Automated Benefit Services, a statement that was seemingly contradicted by the county’s corporation counsel the following week, when he stated that “ABS immediately admitted fault and paid for creation and mailing of the letter, as well as the security protection enrollment through AllClear SECURE and AllClear PRO.” Yet now we see ABS again insisting that they were not responsible for this breach.
TRM did not respond to an inquiry sent by PHIprivacy.net asking them to respond to ABS’s statements about their responsibility for the breach.