Several former employees of the state Department of Revenue Services and other agencies still had access to state computer networks after being fired or voluntarily leaving their jobs, according to a new state audit.
The state’s Auditors of Public Accounts said in a report Friday that the revenue services agency is among several departments that have failed to consistently cut off computer access when people left their state jobs.
“It only takes one disgruntled employee with pretty good computer skills to, at the very least, cause some mischief for the state of Connecticut by inappropriately accessing and using system data after they’ve been discharged,” state Auditor Robert G. Jaekle said.
“The potential for some hard feelings are there, and that’s why these basis questions should be addressed.”
The Department of Revenue Services faced criticism recently when one of its laptop computers, which contained information on about 106,000 state taxpayers, was stolen from an employee’s car in a Long Island parking lot last summer.
Jaekle said his agency’s audit for a two-year period ending June 30, 2006, found that in 10 of 17 cases surveyed, former agency employees still had access to one or more computer systems in which security is deemed “critical.”
The revenue services department disputed many of the audit findings Friday, telling The Connecticut Post that it quickly cuts off computer access when agency employees leave.
Departing state employees are supposed to hand in identification badges, keys to doors, card keys to restricted areas, and have their computer passwords and user names deleted.
Overall, Jaekle said, the two-year revenue services audit — which contained 13 areas for improvement — found no evidence of “material or significant” weaknesses.
Sarah Kaufman, spokeswoman for the DRS, said Friday they dispute the audit’s conclusions about the agency’s exit-interview procedures.
“We believe that the report incorrectly suggests that DRS did not have an exit process in place to ensure proper notification when employees were separated or terminated,” she said.
That protocol has been in place for 15 years and was updated in May 2006, she said.
Its steps include notifying computer network officials about employee departures so they can eliminate the former workers’ access to the network, e-mail, and other functions, she said.
“We feel that we are properly notifying specific areas of the agency when an employee is separated or terminated,” Kaufman said.
