LIHU’E — A firm hired by the Kaua’i Island Utility Cooperative just completed an investigation into the integrity of two of its data-storage systems, to ensure the information in them is not being accessed improperly. “The two data banks store
LIHU’E — A firm hired by the Kaua’i Island Utility Cooperative just completed an investigation into the integrity of two of its data-storage systems, to ensure the information in them is not being accessed improperly.
“The two data banks store highly personal profile information of both our employees and members,” said KIUC President and Chief Executive Officer H.A. “Dutch” Achenbach.
The systems also store sensitive KIUC financial information.
“We ascertained that the security of our computer system has not been breached,” said Karen Baldwin, senior counsel for KIUC.
The Honolulu firm Safeguard Services Inc. was hired to conduct the investigation that was announced via an internal KIUC e-mail circulated on Jan. 26.
KIUC officials provided The Garden Island with a copy of the e-mail.
“Because your newspaper had financial information that wasn’t normally distributed outside KIUC, we had to determine whether or not our internal computer system had been breached,” said Baldwin in a phone interview with The Garden Island.
Last October, internal KIUC financial information provided to this newspaper touched off a series of articles about spending at the co-op. That information originated from within the data banks that were the subject of the recent investigation.
“Once information like that becomes public, you have to immediately look at why it did,” Baldwin said.
“This investigation was no big deal,” Achenbach said. “We are just protecting the members and employees. Any other organization would have done the same thing”
The databanks, called NISC and Dafron, store the most sensitive financial information, as well as profile information of employees and members at the KIUC building in Lihu’e.
“KIUC gathers a great deal of information about employees and co-op members: addresses, phone numbers, financial statements, Social Security numbers, all that stuff,” Baldwin said.
“We have a responsibility and obligation to make sure that information is secure. If it is breached, we have an obligation to fix it.”
The investigation by Safeguard wasn’t intended to specifically seek out individuals responsible for the information release, said Baldwin. “It was to determine how we can have greater control over our documents,” she said.
The most significant finding of the investigation, according to Achenbach, is the co-op does not have to replace the two systems that store the information. “It would cost us well over $500,000 to install a new system,” he said.
And that does not take into consideration all the training that would be required to learn how to use it, Achenbach said.
Safeguard Services Inc. will release the final report on the investigation to KIUC soon.
An investigator with Safe-guard Systems Inc., Beth Cobbs, could not comment on the investigation or say when the final report would be available.
“This is our final step in putting this thing behind us,” said Achenbach. “There are a couple things we learned to make (information security) better, but I don’t know if we’ll make any changes yet.”
Baldwin said the next step will be to look at the recommendations in the Safeguard report, and to close a couple security gaps that exist. Those gaps include small changes like controlling where documents may be printed.
When asked why the investigation required an outside firm, Baldwin replied, because of the “huge amount of work.
“The investigation required going through huge volumes of phone lists and identifying the particular report out of hundreds generated, and then who generates it and who gets it.”
David Proudfoot, outside counsel for KIUC, said, “I was the lawyer who helped coordinate the investigation,” but would say nothing else.
Achenbach insists the investigation was not about the information that was released to The Garden Island. It was about the security of the computer system at KIUC.
Baldwin said emphatically that the investigation was not carried out to find the person who released the information to The Garden Island. “We hired Safeguard to review our security procedures and policies,” she said.
“We’re trying to put this whole thing to sleep,” said Achenbach. “And we have to protect our employees and our members.”
