Advertisement
Canada markets closed

  • S&P/TSX

    21,873.72
    -138.00 (-0.63%)
     

  • S&P 500

    5,071.63
    +1.08 (+0.02%)
     

  • DOW

    38,460.92
    -42.77 (-0.11%)
     

  • CAD/USD

    0.7301
    +0.0003 (+0.04%)
     

  • CRUDE OIL

    82.77
    -0.04 (-0.05%)
     

  • Bitcoin CAD

    88,167.36
    -3,080.84 (-3.38%)
     

  • CMC Crypto 200

    1,389.55
    -34.55 (-2.43%)
     

  • GOLD FUTURES

    2,320.60
    -17.80 (-0.76%)
     

  • RUSSELL 2000

    1,995.43
    -7.22 (-0.36%)
     

  • 10-Yr Bond

    4.6520
    +0.0540 (+1.17%)
     

  • NASDAQ futures

    17,462.75
    -201.75 (-1.14%)
     

  • VOLATILITY

    15.97
    +0.28 (+1.78%)
     

  • FTSE

    8,040.38
    -4.43 (-0.06%)
     

  • NIKKEI 225

    37,818.11
    -641.97 (-1.67%)
     

  • CAD/EUR

    0.6818
    -0.0001 (-0.01%)
     

Democrats say Missouri governor inflating cost of fixing website flaw found by reporter

Rudi Keller
·4 min read

When Gov. Mike Parson last week angrily called for the St. Louis Post-Dispatch to be prosecuted for uncovering security flaws on a state agency website, he said the newspaper’s actions could “cost Missouri taxpayers up to $50 million.”

That amount, two Democrats on the House Budget Committee said Tuesday, is an estimate for providing credit monitoring to protect against misuse of personal data and a call center to answer questions from educators whose private data may have been exposed.

And, state Rep. Peter Merideth said, the estimate is not a very good one.

“He pulled it straight out of his ass,” Merideth said in an interview with The Independent Tuesday.

ADVERTISEMENT

The Parson administration has so far refused to publicly substantiate the $50 million claim. Asked to do so on Tuesday, Parson’s spokeswoman, Kelli Jones, said she had not “had time to get to it.”

Merideth, the ranking Democrat on the committee, and Rep. Kevin Windham, D-Hillsdale, said in a statement that they asked nonpartisan appropriations staff to find out what Parson, a Republican, intended to do with the money.

They were informed, Merideth said, that the governor’s statement was “a very rough and preliminary estimate,” the funds that would be tapped have not been identified and the timeline for doing anything was unclear.

In the release, Merideth and Windham said the Post-Dispatch protected the state by holding the story until the data issue was fixed.

If the person who found the data had bad intent, Windham said, the price could have escalated.

“I remain concerned about potential costs to the state resulting from lawsuits and the like, however I’m far more concerned about the 100,000 educators whose sensitive information was handled with such negligence,” Windham said. “Our state is incredibly fortunate that the person who found this vulnerability reported it to the state as soon as they did.”

The reason the estimate is questionable, Merideth said, is that it may duplicate something the state has already been forced to do to protect the data of educators.

The state purchased 24 months of credit monitoring for potential victims of a data security problem at the Public School and Education Employees Retirement System, the Post-Dispatch reported Tuesday. The system notified its more than 128,000 active members and 100,000 beneficiaries of the Sept. 11 breach the same day that Parson lashed out at the story about teacher data.

The data for about 100,000 active educators was accessible through the Department of Elementary and Secondary Education website.

“I doubt it costs $50 million for 100,000 people to have credit monitoring,” Merideth said.

In the story that enraged Parson, the Post-Dispatch reported a website set up for the public to search the credentials of individual educators exposed Social Security numbers. The numbers were visible embedded in the code that tells the computer how to display a page, which can be viewed by pressing the F12 key on both Apple and Microsoft operating systems.

The reporter viewed three Social Security numbers, the newspaper reported. The Post-Dispatch informed the department and refrained from publishing a story about the issue until the data was no longer available.

In the statement Parson read to reporters without taking questions, he said the reporter who found the issue was a hacker and that viewing the data was a crime. He said he referred the case to Cole County Prosecuting Attorney Locke Thompson and that the Missouri State Highway Patrol would investigate.

“This incident alone may cost Missouri taxpayers as much $50 million and divert workers and resources from other state agencies,” Parson said. “This matter is a serious matter.”

By making that statement as he described the law enforcement response, Merideth said, Parson was suggesting that the investigation would cost that much.

“He very clearly was trying to suggest that this was what we would have to spend to hold this guy accountable, or this is what we have to spend because of what this journalist did,” Merideth said to The Independent. “The money is because of the exposure and the failure of the state to maintain the security of the data.”

Parson defended his call for prosecution in a Facebook post the day after his public statement.

“This information was not freely available and was intentionally decoded,” Parson wrote. “By the actor’s own admission, the data had to be taken through eight separate steps in order to generate a (Social Security number).”

The Star’s Jeanne Kuang contributed to this story.

This story was produced by the Missouri Independent, a nonpartisan, nonprofit news organization covering state government, politics and policy.