Florida state employees are being warned that their personalinformation may have been compromised after work on the state’sPeople First payroll and human resources system was improperlysubcontracted to a company in India.
Employees who worked for the state during an 18 month periodbetween Jan. 1, 2003 and June 30, 2004 may be affected, accordingto an e-mail message sent to all state employees on March 16. Thestate’s Department of Management Services (DMS), which oversees thePeople First system, estimates that 108,000 current and formerstate employees may be affected by the data breach, although thatestimate could change as the department’s investigation into thematter continues.
The e-mail was sent after a subcontractor of outsourcing serviceprovider Convergys Corp. improperly allowed subcontractors in Indiato index state personnel files, said DMS spokeswoman TiffanyKoenigkramer. The offshoring was done as part of Convergys’snine-year, US$350 million contract to manage the state’s personnelwork.
Convergys had subcontracted the indexing work to GDXdata Inc.,in Denver, which itself turned to a subcontractor in India, aviolation of the GDXdata contract with Convergys, the DMS said.Convergys has since cancelled its contract with GDXdata, the agencysaid.
Convergys says that this offshore work was done without itsknowledge. “Convergys was misled by GDX, one of severalsubcontractors hired to perform work for the State of Florida,” thecompany said in a statement.
The offshore work was made public in late December whendocuments were unsealed in a “whistle-blower” lawsuit broughtagainst GDXdata by two former employees.
The DMS is investigating the matter, but it has so far detected”no known cases of credit fraud or identity fraud that resultedfrom this work,” Koenigkramer said.
“It is common today for businesses and even government to useoffshore companies,” the DMS March 16 e-mail states. “However, theuse of offshore services in this case was inappropriate andunacceptable.”
By next week, Convergys and DMS expect to have set up a creditprotection plan for affected employees, Koenigkramer said.
That is not enough for one of the state’s public employeeunions, which is calling for an end to the Convergys deal andsaying that the People First system has been mismanaged. “We wantthis thing killed,” said Doug Martin, communications director withthe American Federation of State, County and Municipal Employees,Council 79. “This is a joke, and the sad thing is, we’re paying forit.”
State Senator Walter “Skip” Campbell, a Democrat who would alsolike to see the contract pulled, called the outsourcing a “criticalsecurity breach,” in part because it inappropriately exposedsensitive information about the state’s law enforcement agents. “Wedon’t know how far the dissemination of this information has gone,”he said.
Based in Cincinnati, Convergys is a provider of billing,customer service, and human resources outsourcing services. Itreported $2.5 billion in revenue last year, according to thecompany’s Web site.
A spokeswoman for GDXdata declined to comment for thisstory.
