Last week, Florida Chief Financial Officer (CFO) Jimmy Patronis sent a letter to Jack Dorsey, the co-founder and CEO of Twitter, regarding the recent hacking that Twitter experienced. This letter is a follow-up to the CFO’s request to the Florida Department of Law Enforcement (FDLE) to investigate Twitter and partner with federal agencies to assess the state’s risk level from the security breach.
The letter is below:
Dear Mr. Dorsey:
My name is Jimmy Patronis and I serve as the state of Florida’s Chief Financial Officer (CFO). Among many of the obligations to the citizens of our state, I have specific statutory responsibilities over the state’s financial services system, our retirement system, state bonding activities, insurance, law enforcement, the state’s Treasury and protecting our citizens from fraud. I am also a frequent user of your application. I use it to share and distribute information, I use it to keep up with friendships and colleagues, and I use it to get a better sense of what’s going on in the world. In fact, for as long as I’ve had children, I’ve used Twitter.
As you can appreciate, Twitter is an extremely powerful tool that governments, industries, members of the media and billions of other people rely on for communicating important information. For better or worse, it’s hard to imagine a world without Twitter and because of how you have managed to weave this product into the fabric of day-to-day life, we’ve found ourselves in a situation where your security gaps have become our problem. With Covid, economic shutdowns, riots, hurricane season, instability at the China-India border, protests in Hong Kong, and numerous other challenges for people globally, and here at home, one would have hoped Twitter’s security issues shouldn’t be among life’s long list of threats, but unfortunately we weren’t that lucky.
Following the recent hacking of your system, I requested our Florida Department of Law Enforcement (FDLE) investigate Twitter and partner with federal agencies to assess the state’s risk level from the security breach your company experienced. As your company has indicated it is working with the Federal Bureau of Investigation in investigating the hacks, I am requesting you also provide a similar briefing to FDLE. As part of the briefing, there are a number of issues that should be addressed:
1. According to publicly available reports, hackers targeted 130 accounts and downloaded the personal data of eight users. Based on this information, were any of the affected parties Florida residents, or Florida business owners, and have they been properly notified of the attack? If it is the case that personal or sensitive information was stolen, we must be prepared for subsequent impacts that may result from the original cyber attack. I would rather the affected parties and FDLE be prepared with more information and not less.
2. Reports also suggest that the hackers received 510 payments totaling $120,000 from the bitcoin scam. Based on this information, were any Floridians victims of this scam, and what is your intention with respect to compensating the victims for failing to establish proper security mechanisms?
3. Some information that has been publicly disseminated says the hackers may have attempted to sell some of the personally identifying information of the compromised accounts. Is there any indication whether hackers, or potential buyers of the personal information, were operating in the State of Florida? As FDLE maintains close relationships with local law enforcement agencies and possesses cyber security professionals – it would be a missed opportunity to not include FDLE in an effort to bring the hackers to justice.
4. Will Twitter add greater safeguards for government accounts? The full faith and credibility of federal, state, and local governments could be undermined should hackers begin targeting government accounts to foster confusion and chaos. I would also add that since Florida is well into hurricane season, citizens rely on Twitter for critical information related to closures, medical supplies, shelters, etc. One hacker could easily cost lives in the middle of a storm, and that’s a risk we cannot afford.
As Twitter called this failure “embarrassing,” now is your opportunity to ensure more harm doesn’t come to our country or the citizens of Florida.
I look forward to your prompt response.