Florida state employees are being warned that their personal
information may have been compromised after work on the state's
People First payroll and human resources system was improperly
subcontracted to a company in India.
Employees who worked for the state during an 18 month period
between Jan. 1, 2003 and June 30, 2004 may be affected, according
to an e-mail message sent to all state employees on March 16. The
state's Department of Management Services (DMS), which oversees the
People First system, estimates that 108,000 current and former
state employees may be affected by the data breach, although that
estimate could change as the department's investigation into the
matter continues.
The e-mail was sent after a subcontractor of outsourcing service
provider Convergys Corp. improperly allowed subcontractors in India
to index state personnel files, said DMS spokeswoman Tiffany
Koenigkramer. The offshoring was done as part of Convergys's
nine-year, US$350 million contract to manage the state's personnel
work.
Convergys had subcontracted the indexing work to GDXdata Inc.,
in Denver, which itself turned to a subcontractor in India, a
violation of the GDXdata contract with Convergys, the DMS said.
Convergys has since cancelled its contract with GDXdata, the agency
said.
Convergys says that this offshore work was done without its
knowledge. "Convergys was misled by GDX, one of several
subcontractors hired to perform work for the State of Florida," the
company said in a statement.
The offshore work was made public in late December when
documents were unsealed in a "whistle-blower" lawsuit brought
against GDXdata by two former employees.
The DMS is investigating the matter, but it has so far detected
"no known cases of credit fraud or identity fraud that resulted
from this work," Koenigkramer said.
"It is common today for businesses and even government to use
offshore companies," the DMS March 16 e-mail states. "However, the
use of offshore services in this case was inappropriate and
unacceptable."
By next week, Convergys and DMS expect to have set up a credit
protection plan for affected employees, Koenigkramer said.
That is not enough for one of the state's public employee
unions, which is calling for an end to the Convergys deal and
saying that the People First system has been mismanaged. "We want
this thing killed," said Doug Martin, communications director with
the American Federation of State, County and Municipal Employees,
Council 79. "This is a joke, and the sad thing is, we're paying for
it."
State Senator Walter "Skip" Campbell, a Democrat who would also
like to see the contract pulled, called the outsourcing a "critical
security breach," in part because it inappropriately exposed
sensitive information about the state's law enforcement agents. "We
don't know how far the dissemination of this information has gone,"
he said.
Based in Cincinnati, Convergys is a provider of billing,
customer service, and human resources outsourcing services. It
reported $2.5 billion in revenue last year, according to the
company's Web site.
A spokeswoman for GDXdata declined to comment for this
story.
icon.
