Recently, Javier Joven, the mayor of Odessa, a city in western Texas, USA, announced that since December 2022, someone has used the account of former Odessa City Attorney Natasha Brooks to illegally access the city's government system several times, and Odessa police launched an investigation after a large amount of sensitive information was transferred via email to a private account.
Joven said at a press conference on Monday (July 17) that the Odessa Police Department's reporting, personnel information and public information application escrow systems were illegally accessed. The exact sensitivity of the data transferred is unclear, but the data breach alone is cause for concern.
While the exact number of illegally accessed files is uncertain, it appears hundreds of emails and other data were confirmed to have been accessed, Joven said.
It is currently investigating whether it was an internal or external intrusion. Once the investigation is concluded, the city government will take all available means, including criminal charges, to ensure that those involved in this malicious intrusion are severely punished by law.
Joven was asked if the investigation was related to the recent firing of IT director Michael Parrish. He said the council does not comment on personnel matters, but he also said everything was being investigated. At the same time, he also said that measures have been taken to ensure that no more information leakage will occur.
With the deepening of the investigation, the data breach seems to be involved in the dispute of the departing personnel. The city government argued that the departing staff did not have a severance package, while the departing staff opposed it entirely, arguing that the city government was using the data breach as an excuse. "In recent days we have discovered that the city leaked the EEOC allegations to the Odessa Accountability Project, which appears to be a pro-Joven government Facebook page," Wenke said. Wenke said: Under federal law, these allegations are classified, and, you know, whoever discloses these allegations may be in violation of these federal regulations. When charges are filed by the EEOC, the only person with such information may be the city attorney's office.
Wenke said he did not believe his client had the ability to access the city's computer systems or servers. As for emails, Wenke said one of the questions the council needs to answer is whether they removed Miss Brooks' access to her emails after she was fired. If access was never revoked, there is no violation at all.