* Press release…
The Illinois Department of Employment Security notified the Illinois General Assembly of confirmation that one of its vendors experienced a data breach affecting approximately 1.4 million Illinois job seekers, according to the vendor’s current estimate. The vulnerability was not the result of any deficiency in software maintained by the State of Illinois and may have impacted ten states.
“The threat of cyber-crime is a clear and present danger to the citizens of Illinois and our administration will continue pressing forward with a comprehensive cybersecurity strategy,” Eleni Demertzis, Spokeswoman for Governor Rauner. “We implore Comptroller Mendoza to reevaluate her decision to hold up funding for this important project, which everyday puts the people of Illinois at risk.”
* From a recent press release from the comptroller…
More than $26 million in consulting fee payments from the [Statistical Services Revolving Fund] are currently being held:
McKinsey - $12 million
Accenture - $7.35 million
RL Canning - $170,895
Deloitte - $318,776
SAP Public Services - $1.8 million
So, by all means let’s speed up payments to Deloitte, McKinsey, SAP and Accenture. They’re such tiny, cash-strapped companies that they couldn’t possibly float their state invoices for a while. The social service providers won’t mind being bumped back again, I’m sure. They can just go back to their banks for another loan.
Both sides should just work it out, already. Enough.
…Adding… Just to be clear, the money in that Statistical Services Revolving Fund was transferred out of the General Revenue Fund “in the final days” of the Munger administration, according to the comptroller.
- pawn - Friday, Mar 24, 17 @ 2:41 pm:
“So, by all means let’s speed up payments to Deloitte, McKinsey, SAP and Accenture. They’re such tiny, cash-strapped companies that they couldn’t possibly float their state invoices for a while. The social service providers won’t mind being bumped back again, I’m sure. They can just go back to their banks for another loan.”
Thank you, Rich, for pointing out the irony. It’s great to see Munger going to bat for the little guy.
- Demoralized - Friday, Mar 24, 17 @ 2:42 pm:
Those payments would come from a fund that has absolutely nothing to do with social service providers. I would have thought that you understood the budget better than that.
- CCP Hostage - Friday, Mar 24, 17 @ 2:43 pm:
How about a budget? That’d fix this and a lot of other issues.
- justpeachy - Friday, Mar 24, 17 @ 2:43 pm:
Hmmm, a cyber-crime just in time to for the Governor to advocate for his consultants to get paid. s/
- Rich Miller - Friday, Mar 24, 17 @ 2:44 pm:
===Those payments would come from a fund that has absolutely nothing to do with social service providers===
LOL
Yeah. But guess where the money in that special fund came from? If you answered “GRF” you win. And guess when that money was transferred from GRF to that special fund? If you answered “just before Comptroller Munger left office,” you also win.
So, yes, I do understand the budget.
- Anon221 - Friday, Mar 24, 17 @ 2:45 pm:
“The threat of cyber-crime is a clear and present danger to the citizens of Illinois and our administration will continue pressing forward with a comprehensive cybersecurity strategy,” Eleni Demertzis, Spokeswoman for Governor Rauner.
OK…shouldn’t the vendor have had a strong cybersecurity program in place before the State contracted with them??? Seems like a stretch to try and equate payments being withheld to lack of what should be a standard SOP at the vendor. Where are the press releases from Rauner’s office for services withheld because of the shredded social service net??? Guess those don’t fit with the Crisis-Chaos press model, huh? Didn’t see any press from Rauner’s office concerning the state worker and her baby that nearly had their oxygen cut off. But hacking at a vendor makes them put the word jumble machine into action? Mmmphf!
- pass the tin foil hat - Friday, Mar 24, 17 @ 2:46 pm:
Unbelievable timing by a hacker to do this shortly after governor cries his kickback contractors aren’t getting paid.
- walker - Friday, Mar 24, 17 @ 2:47 pm:
Always great to go to the external “clear and present danger” meme, when you cannot solve your internal problems.
- Demoralized - Friday, Mar 24, 17 @ 2:51 pm:
Yes. And the money is already there. So unless you get it transferred back it doesn’t matter. It’s there to be spent. They have authority. I’m tired of allowing Comptroller’s (yes, plural, as in Munger and now Mendoza) to make a mockery of the office. A Comptroller does not and should not have authority to decide whether or not they think an expenditure is a good idea. A Comptroller’s job is to make sure there is legal authority to make an expenditure (in this case their is) and to cut the check. Period. End of story.
- Rich Miller - Friday, Mar 24, 17 @ 2:53 pm:
===A Comptroller’s job is to make sure there is legal authority to make an expenditure (in this case their is) and to cut the check===
Except when there’s no money in the account.
- Demoralized - Friday, Mar 24, 17 @ 2:54 pm:
There’s money in this account.
- Earnest - Friday, Mar 24, 17 @ 2:55 pm:
Rauner’s right. His administration signed a contract with these vendors and owes them payment. People’s lives could be at risk as homeless and domestic violence shelters shut down and programs that demonstrably help reduce violence in Chicago are no longer able to function. Employees at these vendors don’t make that much to begin with and losing their jobs has a catastrophic impact on the lives of them and their families.
What? You accuse me of being deliberately obtuse?
- Union proud - Friday, Mar 24, 17 @ 2:57 pm:
Their logic makes no sense. A vendor gets hacked so the state should spend more on cyber security? It wasn’t the state that got hacked.
That’s like saying if a vendor gets held up in an armed robbery we should spend more on security guards at state offices.
- Demoralized - Friday, Mar 24, 17 @ 2:57 pm:
My beef is that we have had two Comptroller’s in a row who, in my opinion, have done some questionable things while in that office.
I’m now, more than ever, against combining the Comptroller and Treasurer. After this do we really want to give the keys to the actual bank account to the same person writing the checks?
- wordslinger - Friday, Mar 24, 17 @ 3:04 pm:
–The vulnerability was not the result of any deficiency in software maintained by the State of Illinois and may have impacted ten states.–
Um, kind of steps on the ol’ “clear and present danger” message, does it not?
What’s with the frantic hyperbole anyway? Was it movie night for the Frat Boys? Lousy flick.
The governor’s concern for state vendors is duly noted, to the tune of $13 billion in overdue bills.
Maybe he just means those IT consultants he’s obviously very sweet on.
But by elevating them to get paid before all others, Rauner is creating a “Clear and Present Danger” that social service contractors and the citizens they serve will become “The Departed.”
- Thinking - Friday, Mar 24, 17 @ 3:08 pm:
The vendor that was hacked isn’t one Mendoza is sitting on paying. The vendor is America’s Job Alliance-Technical Support.
- The Real Just Me - Friday, Mar 24, 17 @ 3:11 pm:
How would spending state money on state systems prevent the hack of a private vendor’s private system that “was not the result of any deficiency in software maintained by the State of Illinois”?
- P. - Friday, Mar 24, 17 @ 3:13 pm:
You could spend a trillion dollars on a state cybersecurity program and it wouldn’t make a third party vendor safer. This is a stretch to say the least.
- Smitty Irving - Friday, Mar 24, 17 @ 3:22 pm:
Demoralized - Can you name 2 or 3 Comptroller you thought didn’t do questionable things?
- Quad City Gal - Friday, Mar 24, 17 @ 3:28 pm:
—”Um, kind of steps on the ol’ “clear and present danger” message, does it not?
What’s with the frantic hyperbole anyway? Was it movie night for the Frat Boys? Lousy flick.”—-
“Hunt for Red October” was on the other night. Much better movie, Sean Connery’s “Russian” accent aside. “Patriot Games” is also not too bad.
“Clear and Present Danger” is is just overdone.
- Moe Berg - Friday, Mar 24, 17 @ 3:28 pm:
Starting with union proud, and then as others commented, the administration contradicts itself once again. Will be interesting to see if journalists catch it and call it out or if we get the usual obfuscatory portrayal of Rauner says X and Mendoza says Y.
Reporters or GA Democrats: ask how what the Rauner administration wants would have prevented a vendor from getting hacked? Ask admin what sanctions will result on vendor from getting hacked? And, what vendor?
- The Dude Abides - Friday, Mar 24, 17 @ 3:32 pm:
Wordslinger hit the nail on the head. This doesn’t have anything to do with cyber security maintained by the state. Weak sauce for the end of the week.
- wordslinger - Friday, Mar 24, 17 @ 3:37 pm:
So none of the Superstars caught the obvious and completely contradictory messages they were sending out?
- Mouthy - Friday, Mar 24, 17 @ 3:37 pm:
Consultant’s payments are usually paid by the hour. Because of expertise of these types of services I’d estimate the hourly rate per consultant to be north of $200 an hour. Usually the description, hours, and rate are listed in bock 10 of a C-13 payment voucher…
- Sigh - Friday, Mar 24, 17 @ 3:41 pm:
Has IDES notified those individuals yet? There is a notification requirement. http://www.ilga.gov/legislation/ilcs/documents/081505300K12.htm
- Thoughts Matter - Friday, Mar 24, 17 @ 3:45 pm:
So, some vendor got hacked. That vendor is nameless and is probably not one of the ones listed in the post. Therefore the state should pay these vendors while we are not paying anything else, and employees babies almost lose their oxygen machine? And it is Mendoza’s fault?
Here are my suggestions:
The department of employment security needs to quit using outside vendors and store their data with the new bright shiny Dept of Innovation and Technology.
And, two, #do your job.
- Neveranonymous - Friday, Mar 24, 17 @ 4:05 pm:
It sounds like whoever picked the vendor could have done a better job. Cheaper isn’t always better.
- Yellow Dog Democrat - Friday, Mar 24, 17 @ 4:11 pm:
From what I can tell, the governor’s demand for money has nothing to do with the attack. Nothing.
Moreover, Mendoza’s decision to withhold those payments at this time is irrelevant. The governor has no problem asking social service providers to deliver services and then wait to receive payment. In fact, plenty of for-profit companies are owed large sums and continue to provide services.
Why shouldn’t IT consultants be asked to do the same?
- DuPage - Friday, Mar 24, 17 @ 4:24 pm:
So a low bid vendor did not spend money for security and got hacked. That’s the kind of thing that happens when you OUTSOURCE!! Probably one of the vendors minimum wage employees clicked on an e-mail because they were not trained on what to watch out for.