With a hat tip to MPR’s own Bob Collins, a state contractor on the sharp end of public radio reporting seems to be threatening charges against the journalists who exposed security breaches in a job-seeker database.
MPR reporter Sasha Aslanian busted Texas-based Lookout Services Dec. 11 for leaving 500 names, dates of birth and Social Security numbers unsecured. Lookout ran state applicant data through the feds’ E-Verify system, and Aslanian says MPR was able to gain access to the private stuff “without using a password or encryption software.”
Monday, Lookout posted its response. The company, which announced a lawsuit against the state, is a bit more passive-aggressive when it comes to legal action against MPR. The statement notes that “the MPR reporter” was the only one who looked at some data, mentions possible federal violations and concludes ominously, “Lookout Services will aggressively seek prosecution of those responsible for this egregious act.”
As a wise lawyer once told me, anyone can sue for anything, and a prosecutor would need to sign off on any charges, no matter how mad Lookout is right now.
To me, the release seems written to let Lookout’s other customers know hackers didn’t get through, and I wonder if anyone, much less a journalist, can get rung up if the data was sitting in the open. I’ve contacted Lookout, MPR and cyber-law experts and will let you know when they check back.
Here are the money parts of the release, emphasis mine:
Bellaire, Texas-based Lookout Services Inc. (Lookout Services) today announced that limited portions of the company’s proprietary software may have been illegally compromised by an individual or individuals seeking access to client records.
The information disclosed as a result of the intrusion was limited in scope both by the amount of data that was accessible and the type of data that was accessible. Lookout has confirmed that with respect to some data only the Minnesota Public Radio reporter viewed the data. …
Given the circumstances, Lookout does not believe that the purpose of the intrusion was for the purpose of identity theft. However, an investigation may reveal more details about the exact motives in the weeks and months ahead.
“We have contacted the FBI and other law enforcement officials and we are fully cooperating with their investigation into how this matter,” said Elaine Morley, CEO of Lookout Services.
Lookout Services Inc. filed suit against The State of Minnesota on December 10, 2009, but did not inform The State of Minnesota at the time the lawsuit was filed. In days prior to filing suit, Lookout Services notified The State of Minnesota with concerns about conduct of numerous attempts at unauthorized intrusions involving computers with IP addresses belonging to The State of Minnesota and Minnesota Public Radio.
“We told the State of Minnesota we were requesting an investigation, due to concerns that federal laws were being violated,” Morley said. ”After expressing concerns to The State of Minnesota, the State agreed to instigate an investigation, but we felt that The State of Minnesota was not taking swift action, so we began blocking IP addresses and shutting down users.”
Since that time, Lookout Services has refused to grant any users at The State of Minnesota access to the software.
“Lookout Services will aggressively seek prosecution of those responsible for this egregious act,” Morley said. “We will not tolerate the illegal disclosure of client information.”