City Controller: Philly government IT asking, begging for a major hack
9:50 a.m.: This article has been edited to clarify that the City Controller’s press release indicates the possibility of password breaches throughout the city government IT infrastructure, not just the city Web site.
If only a hacker could manage to navigate the city’s Web site, the administration might be in trouble.
That log-in passwords are lax and that fired city employees can still access secure portions of the city’s Web site are just two claims of the 2008 General IT Controls Review of the city’s Division of Technology, released yesterday by City Controller Alan Butkovitz. The review found that some terminated employees and contractors still had active user IDs to one or more of the city’s systems.
“There’s a lack of communication between the DOT and the Office of Human Resources,” said Butkovitz, who is embroiled in a primary race. “Once an employee or contractor is no longer with the City, all of their user ID and password information must be terminated immediately. The current practice exposes the City to substantial risks by allowing access to important financial data by unauthorized personnel.”
