GRAND JUNCTION, Colo.—The FBI found no evidence that laws were broken when a security lapse in Mesa County’s computer system left thousands of people’s personal information and the names of some confidential sheriff’s informants open to public view on the Internet.
The Grand Junction Sentinel reported Sunday () it obtained records of the investigation of the 2011 lapse through open-records laws.
The lapse occurred when a county employee inadvertently posted information from the Sheriff’s Department on a site that could be accessed without a password. Officials said the employee thought the site was secure.
The newly released records show a federal grand jury investigated and that an FBI agent later reported that no violations of federal law were found.
Frank Whidden, who was hired as the county information technology director months after the lapse, said it was caused by human error. The newspaper reported an employee was fired over the incident.
Mesa County Sheriff Stan Hilkey said no reports of fraud, identity theft or retaliation against confidential informants have been linked to the lapse.
“That doesn’t mean it didn’t happen,” Hilkey said. “It’s almost impossible to connect those dots.”
Much of the personal information that was exposed was already available in public channels, Hilkey said.
Officials initially said the records of more than 200,000 people were exposed, but investigators concluded many of those files were duplicates and that the number was 105,000. The files included information on sheriff’s employees, people who applied for concealed weapons permits and informants.
The investigation found that the data had been exposed online since April 2010 and that web crawlers—programs that browse the Web seeking specific information, such as references to an individual’s name—first visited the site in September 2010. The first person accessed it on Nov. 1, 2010.
Sheriff’s Department officials said they discovered the lapse on Nov. 24, 2010, when a confidential informant told them his or her information was available online.
An investigative report said 75 computers in the United States, Spain and Ukraine accessed and downloaded information, the newspaper said.
The report said not all of the downloaded files contained sensitive information.
———
Information from: The Daily Sentinel,
