Sign-up for email updates

State Response and Safeguards

Incident-Related Communications

Outreach to Affected Individuals

Texans whose personal information was inadvertently posted were issued a letter from the Comptroller's office in April.

Media Notification

On Monday, April 11, Texas media outlets were alerted to the inadvertent posting of certain personal information. A news release outlined details about the incident and this website was provided to give Texans access to more information.

A toll-free hotline was made available Tuesday, April 12, for individuals needing news or resources related to the incident.

Additional news releases have spotlighted other measures taken to assist those whose information was affected.

Incident Website

This website,, was created as an online tool for Texans to access the most up-to-date information about the incident — including updates on who was affected and what to do if their information was inadvertently posted — and to provide additional details, recommended steps and resources. The site also provides FAQs and an email alert Texans can sign up for to be informed of any additional developments.

Policy Procedures and Enhancement

The Comptroller’s office took immediate action to remove the records from the agency’s affected file transfer servers, and contacted all three major credit reporting agencies. The Comptroller's office also arranged one year of credit monitoring at no charge for those whose information was affected.

The Comptroller’s office also is working with the other agencies involved and with the Texas Attorney General’s office to investigate the exposure. We have no information to indicate that this personal information has been misused, but we are notifying people so that they can take any appropriate actions they feel necessary.

We’ve done a thorough review of the affected file transfer servers and have secured data maintained on those servers.

Protecting Texas's Identities

Recommendations for Texas

As stated in the Comptroller’s December 2010 report Protecting Texans’ Identities, actions are needed to help protect employees of governmental bodies and private individuals who share information with these bodies.

The report’s recommendations include the creation of an information security council or review board consisting of representatives from small, medium- and large-sized agencies and institutions of higher education.

This information security council or review board should at minimum have the authority over and be responsible for:

  • appointing an advisory committee or committees to assist the council;
  • creating model security awareness training policies and procedures for state governmental bodies, particularly those collecting, handling, transferring, sharing and/or releasing personal information; and
  • making recommendations to the Legislature regarding an update on statewide privacy issues and whether agencies and institutions should be required to monitor and/or conduct regular inventories or audits of the number and types of personal information they collect.

In recent years, the Texas Comptroller has brought increased transparency and openness to Texas state government. Informed citizens make our government stronger. Balancing the need for transparency with the need to protect citizens’ personal information will continue to be a global issue. And it requires government, businesses and citizens to work together to find solutions.

Information security breaches cost businesses about $54 billion annually, according to a 2010 study conducted by Javelin Study & Research. Since 2005, more than 517 million personal records have been breached, according to the Privacy Rights Clearinghouse, a nonprofit consumer organization.

Texas state agencies and institutions of higher education currently collect and store more than 5 billion pieces of personal information about their citizenry, as well as similar information concerning various public employees, licensees, permit holders, contractors and others.

The Federal Trade Commission (FTC) estimates that 9 million individuals in the United States have their identities stolen every year. That is the equivalent of approximately 17 identities stolen every minute.