Connecticut Gov. M. Jodi Rell today announced that she has called for an investigation to determine if Debix Identity Protection Network, a company hired in 2007 to protect residents potentially affected by a security breach, has broken its contract with the state.
"We have been hearing a number of complaints from the very residents we are committed to protecting. If there is evidence of a contract breach, we will take all legal means necessary to safeguard our citizens," Rell said.
The governor said as part of the contract, Debix has agreed to maintain fraud alerts on the credit reports of those residents through three major credit bureaus. However, the state has received complaints about a mailing being sent to Connecticut residents from Experian, one of the credit bureaus, asking for confidential information in order to continue the fraud alerts.
"It is absolutely unacceptable for one of the credit bureaus to be contacting our residents directly to maintain a fraud alert when the state is paying Debix to do that on their behalf," Rell said.
Debix is contracted to provide services to the Departments of Revenue Services, Education, Labor, Veterans Affairs, Motor Vehicles, Labor, Transportation, Administrative Services and the state Comptroller's Office. The governor has directed the heads of those agencies to gather all information regarding the Debix contracts and any complaints and bring the matter to the immediate attention of the Attorney General Richard Blumenthal for a formal investigation.
"It is essential that we undertake an immediate and thorough investigation to ensure Debix honors all aspects of its agreement with Connecticut," Rell said.
The state hired the Austin, Texas-based Debix last year after a Department of Revenue Services laptop was stolen. The governor said Ohio is experiencing a similar situation with the Debix and Experian. Connecticut chose Debix, in part, because of its work with Ohio following a large-scale security breach in that state.
Rell said, to date, the state has received no indications that any of the compromised information has been used. The Debix contract in Connecticut covers more than 53,000 people. The majority -- 50,916 -- are covered through the DRS contract.
"Identity theft is a costly crime that victimizes thousands of Americans each year," the governor said. "We have taken unprecedented steps here in Connecticut with technology advances and other programs over the past several months to safeguard our citizens."
The governor directed that more than 6,000 state laptops be encrypted earlier this year as part of an initiative to strengthen security practices. She also proposed and signed a bill in June that requires businesses that collect Social Security numbers and other sensitive information to develop a protection policy or risk civil fines of up to $500,000.