Utah IT director 'lacked oversight and leadership' in incident that exposed personal details of 780,000, governor says

Dark Reading Staff, Dark Reading

May 22, 2012

1 Min Read

The director of the state of Utah's Department of Technology Services was fired last week following a breach of health department servers that exposed the personal data of some 780,000 residents in March.

A contractor that provided software to the state was also terminated. In addition, two other IT employees are under review and could be reprimanded or fired, Utah Gov. Gary Herbert told reporters in a press conference.

According to a report by The Salt Lake Tribune, Gov. Herbert stated that Department of Technology Services director Stephen Fletcher lacked "oversight and leadership" during the incident, in which Romanian hackers are suspected of stealing Social Security data and other information from health department servers.

The breach was related to the failure to change a default password, Gov. Herbert said. The contractor provided software without proper encryption safeguards, and the state's health data in future will be encrypted at rest as well as in transit, he said.

Herbert also announced the creation of a new "health data security ombudsman" in the Department of Health and appointed Sheila Walsh-McDonald, a longtime advocate for low-income Utahns at the Salt Lake Community Action Program, according to the news report. Walsh-McDonald will help victims navigate the programs available to them to protect their information.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights