An information-technology manager at the University of Georgia who had access to students’ personal information worked in the registrar’s office for nearly a year after he faced felony theft-by-deception charges related to his data-handling position at a different organization.
William Ora Mullen pleaded guilty to those charges and accepted a 10-year prison sentence on April 28 – the same day he gave a letter of resignation to the university. The letter gave May 12 as his final day of employment.
But the university didn’t learn of the charges until May 6, when Mr. Mullen told the university’s office of legal affairs about them, said Tom Jackson, the university’s vice president of public affairs.
Mr. Mullen, who had access to sensitive information like students’ Social Security numbers, was immediately denied access to campus servers on that day. His passwords were also changed. Still, he remained employed by the university until May 12. Mr. Jackson said most of those days were “logged as sick days.”
The charges against Mr. Mullen, who was hired by the university on March 5, 2008, were brought by a former employer, Habersham Metal Products, where he was also an IT manager. He was responsible for purchasing, managing the company’s servers, and strategic planning, according to an article in the university’s student newspaper, the Red and Black.
Mr. Mullen was accused of creating a fake company called Rappaccini-Ga. to quietly obtain company products and payments “by deceitful means,” according to court documents, between August 2005 and March 31, 2008 – including several weeks after he began work at the University of Georgia.
Since Mr. Mullen’s resignation, the university has run two audits of its servers – one by the university’s IT department and one by internal auditing — but neither showed evidence of any foul play, Mr. Jackson said.
“We found nothing to indicate that those files had been transferred, although we can’t say for certain that he doesn’t have them,” Mr. Jackson said. —Erica R. Hendry