Identity theft is one of the fastest- growing crimes in the country.
As consumers, we can take actions to protect ourselves, especially when dealing with private companies or the Internet. But as taxpayers and citizens, we're required to hand over sensitive information to the government, whether it's our job information or Social Security number. When filing taxes, we sometimes even volunteer such sensitive information as bank account numbers.
We do so expecting a certain amount of security. But the state of Colorado isn't doing nearly enough to protect its citizens' personal data.
A recent audit found the state's computer systems are at "high risk" of online attack. A firm hired to secretly hack into agencies' systems easily gained access to thousands of documents containing Coloradans' sensitive personal information, according to a Denver Post story by Tim Hoover.
Building an impenetrable computer system is all but impossible in these days of sophisticated hackers and cyber attacks. Just last weekend, the popular website Gawker was hacked, and the ongoing WikiLeaks saga shows just how it easy it can be for once-secretive government data to go public in a big way.
But the state of Colorado was failing to do even the simple things to protect its system and citizens' vital information.
For example, in some cases, testers simply guessed obvious user names and passwords, and in others, they used default user names and passwords that system administrators never changed, according to Hoover's story.
Even more maddening, the audit found that 12 of 20 agencies didn't even bother to submit plans outlining their computer system security measures to the state's Office of Cyber Security, which they are required to do by law.
The state already has begun to fix what can be done quickly, Dara Hessee, chief of staff for the Governor's Office of Information Technology, told The Post. But longer-term problems remain, and state officials say it could take $40 million to implement an adequate cyber-security plan. The office's budget is about $400,000.
How serious are the holes in the state's system? Penny-pinching state Sen. Dave Schultheis is even calling for more money: "I would hope that the Joint Budget Committee would allocate some significant dollars even in this difficult time to fund what is a definite necessity," he said.
The state's entire computer network has been messed up, for lack of a better term, for at least a decade. Remember the debacle with the social services computer system?
Auditors say the Office of Cyber Security, which is under the Governor's Office of Information Technology, has no strategic plan and was singled out for its "lack of effective leadership."
Gov.-elect John Hickenlooper knew he was inheriting a difficult budget situation, but now he can add this to his list.
Money shouldn't be an excuse. Fixing the problem entirely may not be possible, given the budget crunch, but there's no excuse for ineffective leadership and the failure to take even the simplest of precautions.