HOUSTON—Despite renovations under way at Houston Community College, another side of HCC is falling apart if you ask insider Anil Ninan.
“HCC’s roof is leaking, HCC’s doors and windows are open, even the foundation’s cracked,” said Ninan.
Ninan was hired as the college system’s Chief Information Security Officer two years ago.
He’s now blowing the whistle on HCC.
“You wouldn’t live in a house that is in that bad of shape,” Ninan said.
He’s not talking about a physical house, but rather the school’s computer network that houses students’ personal information like social security numbers and birthdates, which Ninan claims is dangerously unsecure and exposed.
I-Team: “Has the system been hacked?”
Ninan: “Yes sir.”
I-Team: “How many times?”
Ninan: “Multiple times.”
A computer network audit done by the Gartner company in May 2011 called the college system’s risk level “very high.” It cited an “inability to deliver the appropriate level of security and privacy protection.” The report also highlighted an “inability to comply with a variety of industry, state, and federal regulations.”
Ninan said the gaps were leaving students’ sensitive information ripe for the taking.
“That’s crazy! I didn’t know that,” said student Giancarlo Licitra.
“Identity theft,” added student Maria Rodriguez.
“Actually, I’ve had it happen before,” said student Sirron Kyles.
Kyles said he once had his passport stolen, and knows the hassle of identity theft.
I-Team: “A huge headache?”
Kyles: “Headache?! I’m still going through it.”
So his message to HCC?
“Anything they can do to protect it, that’s what they should do,” Kyles said.
But there may be just one problem.
“They want to shove everything under the rug,” Ninan said.
Ninan said when he first told warned HCC’s top brass about the problems two years ago, bosses told him ‘don’t find any more problems.’
Worse yet, Ninan claimed HCC’s Chief of Police Greg Cunningham called him in.
“He told me that if I find any more problems at HCC, I’ll be fired and I will face the consequences,” Ninan said.
Stunned, Ninan began recording his meetings with the chief, including one in which Ninan brought up those state and federal computer security regulations he claimed HCC was ignoring.
“These guys have been ignoring that (expletive) since Christ was a corporal,” Cunningham is heard saying on the tape recorder.
And later, in the same conversation, Ninan asked: “They just never cared huh?”
Chief Cunningham: “Nobody ever looked because they were this little tiny community college that didn’t matter. Now they’re one of the biggest colleges in the (expletive) nation, and everybody and their brother is looking up your skirt and guess what? You ain’t got no panties on.”
The I-Team asked Ninan what he was thinking when he heard that from the chief.
“That’s when I realized how corrupt HCC actually is,” Ninan said.
Chief Cunningham dodged our questions, but an HCC spokesman is talking about his comments.
“We at HCC hold ourselves to a higher standard and that kind of language and my apologies to the public if they have to hear that,” said Chief Communications Officer Dan Arguijo.
As for the computer security concerns, like the Garner company audit:
I-Team: “It sounds like the door was wide open from this report.”
Arguijo: “The report points out issues that we have addressed, we are addressing and we continue to address.”
And what about HCC’s board? At least one trustee said it’s critical they get their house in order.
“We’ve got to go to the next step and follow up and make sure that, not only the door is locked, but the deadbolt is turned and we turn on the alarm,” said HCC Trustee Carroll Robinson.
Spokesman Arguijo meanwhile, insists HCC has never been hacked, but does acknowledge an e-mail privacy error in September. The social security numbers of about 2000 employees were accidentally e-mailed to a non-employee.
Arguijo called the incident human error, and not a network breach.
As for Anil Ninan, he said after he blew the whistle he suddenly received a poor job performance review.