CHULA VISTA COUNCIL MEMBER ADDRESSES BLUNDER
Galvez mistakenly emailed personal info to hundreds
CHULA VISTA
Chula Vista has no plans to contact individuals whose personal information was accidentally emailed to more than 900 people by City Councilwoman Jill Galvez.
Nor does the city know exactly how many of the 940 people actually received and opened a spreadsheet that contained some personal information of 1,113 people on Galvez’s contact list.
“From the city’s standpoint, Councilmember Galvez’s contact list is her own private property, not a city record under city management or control,” Chula Vista spokesperson Anne Steinberger said in a statement.
Galvez contacted the city’s Information Technology Services department last Tuesday night when she realized she had accidentally emailed her personal contact list to 940 people while trying to email it to herself.
Because the email was addressed to 940 people, the city’s firewall released it in batches of roughly 200. IT staff were able to “halt the distribution but did not count the emails sent nor the emails stopped,” Steinberger’s statement said.
Because the staff didn’t count, there is no way the city can accurately count how many emails were stopped, she added.
Despite this uncertainty, Galvez has publicly stated multiple times that the majority of those 940 recipients never got the email.
After The San Diego Union-tribune published a story on the mistake, Galvez said on Twitter that the IT department stopped “most emails from going out.”
The next day, on her monthly newsletter, Galvez wrote that only a small percentage of people received the email.
“A relatively small percentage of subscribers received an excel spreadsheet that contained email addresses, some phone numbers and work related notes. Our IT department was able to stop the damage,” she wrote.
Although the councilwoman sent a follow-up email to the 940 recipients that explained the blunder and asked them to delete the spreadsheet, she has not contacted the individuals whose names and information was on the spreadsheet, but who are not subscribed to her newsletter.
Galvez, who tried to kill the original story from being published by offering a reporter editorial control of her newsletter, did not respond to questions about her claims that the majority of emails did not go out.
Additionally, in her newsletter, Galvez suggested that all of the people who received the accidental email deleted it. She offered no evidence to back up that claim.
“Please email me if you would like to see exactly what a few people received and subsequently deleted as it might pertain to you,” she wrote.
Galvez received multiple supportive messages after owning up to her mistake. Chula Vista residents said they sympathized with the councilwoman for making an “honest mistake,” that could have happened to anyone who is not very tech-savvy.
They said one error does not negate the work that Galvez has done to serve her constituents.
Others saw Galvez’s attempts to kill the story as a sign of unethical behavior.
“What troubles me is her response,” said Russ Hall. “In the 32 years that I’ve been involved in civic affairs in Chula Vista I’ve never seen anything like that before.”
Hall said his information was on the spreadsheet. But he was not really bothered by it because a lot of people have his email address anyway.
“It was just an entirely inappropriate response for a problem that could have ended itself with a simple explanation and a simple apology and everybody would have forgotten about it,” he said. “It doesn’t show good judgment.”
Chula Vista provides training and has requirements for how to maintain cybersecurity. One of the major training focuses is keeping employees aware of phishing scams, Steinberger said.
The city has a secure VPN network for employees working from home. No financial information is accessible via employees’ home computers.
Additionally, the city’s firewall blocks Social Security numbers included in emails or attachments. All credit card transactions that go through the city are handled by third-party vendors with strong security standards, she said.
gustavo.solis@sduniontribune.com