There is enough stupidity to spread around the Baltimore City information techonology landscape. One leg of the highly touted Information Security Benchmark Model Triad: Confidentiality, Integrity, and Availability was not met: Availability (include Integrity if you examine what became of the integrity of the data, which of course, is impactful of the Confidentiality of the data). Where were the security folks in this conflagration?

"In a report to a committee of the Baltimore City Council last week, City Auditor Josh Pasch said that the city's Information Technology department could not provide any documentation of its work toward meeting agency performance goals because the only copies of that data were kept on local hard drives and never backed up to a server or the cloud." - via Sean Gallagher in his blog post published at Ars Technica