City of Houston employees' private data compromised after worker's laptop stolen

By Joel Eisenbaum - Investigative Reporter

HOUSTON - More than a month after a city of Houston laptop was stolen from a city employee's personal vehicle, the mayor's office has confirmed to Channel 2 Investigates that sensitive personal information was on the computer in question.

Earlier, the city was not able to pinpoint if the information was actually on the computer's hard drive.

Alan Bernstein, Mayor Sylvester Turner's Director of Communications, stated by email Friday:

"The city is constantly reviewing and updating its cybersecurity. In addition, the city is installing several administrative, technical and operational controls as part of a 4-year cyber security master plan. Our constituents should know that every possible measure is taken to protect the confidentiality of any data about them. The potential breach involving city data affected only some employees."

"We are not aware of any evidence showing confidential data was accessed by a non-city-employee," Bernstein wrote.

Chris Bronk, a University of Houston computer security expert, said sensitive information, including dates of birth, social security numbers, and medical information should not be stored on local hard drives, especially laptops.

"You want to have the laptop accessing data on a cloud someplace on a server so that when they're finished, the data is only living on that cloud and there is nothing of any use on the laptop," Bronk said.

Given the nature of the breach, Channel 2 Investigates inquired about financial information stored by the city's public works department. Bernstein addressed the issue:

"Houston water customer information is not stored locally on desktops or laptops. All customer information is stored within a billing system. Only authorized users with an account (who have been given the appropriate security roles based on their job function) can access, enter, or modify specific information within our billing system."

Below are four pages of a letter that was sent to employees who were potentially affected by the breach:

Copyright 2018 by KPRC Click2Houston - All rights reserved.