Gov. Mike Braun’s administration has scrapped a transparency tool that allowed the public to search for state employees’ roles and contact information after determining the application posed a cybersecurity risk.
The tool allowed the public to find basic information about state employees, including the agency they work for, their work email, their office phone number and their job title. It has been available since at least March 2018, according to the Internet Archive, but appeared to go offline at some point July 8.
The Indiana Office of Technology, which hosts the tool, did not answer IndyStar questions on if the decision was prompted by previous cybersecurity incidents or if there was any consideration given to making adjustments to the tool before deciding to scrap it entirely.
“While the Find a Person feature provided transparency and contact information, it also introduced a significant security risk by making data easily accessible to cybercriminals,” said IOT spokesperson Kelly Johnson in an email to IndyStar. “Upon further review, page traffic and utilization of the application was very low, leading to the decision to phase it out, as the benefit of the tool did not outweigh the security concerns.”
Initially, the state had appeared to stop adding new employees to the database, but Johnson told IndyStar the morning of July 8 that the tool would soon be completely removed. When IndyStar checked again at 3:30 p.m., the link redirected to a different Indiana government page.
Cybersecurity experts told IndyStar that having a public directory with employee information makes it easier for malicious actors to determine which employees may have access to sensitive information and impersonate colleagues. The issue is ever-evolving, experts said, and some cybercriminals are now using artificial intelligence to create personalized messages.
But one expert in cybersecurity law, Indiana University law professor Asaf Lubin, said in an email that while taking down the database reduces the risk of cybercrime, it creates an additional hurdle for journalists, advocates, lawyers and watchdog groups who are looking to determine who works in the agencies they cover.
The state could have attempted to balance those competing interests by removing some information, limiting searches, blocking automated web scraping or taking down listings for more sensitive positions, Lubin wrote.
IU also has a searchable database of employees and their contact information, for example, but does not allow people to generate a list of everyone who works at the university. It’s a key distinction that reduces cybersecurity risks, said Bipin Prabhakar, who chairs IU’s Information Systems Graduate Program.
“What you’re running into here is the dynamic or the tension between transparency and the privacy of the individuals and the cybersecurity of the individuals and actually the government and the unit itself,” he said.
In an email to IndyStar, Johnson said that tools allowing the public to search for contracts and employee salaries are still available.
Braun’s office did not immediately respond to a request for comment.
Download the free IndyStar app and turn on notifications to get breaking news and sports alerts.
Contact breaking politics reporter Marissa Meador at mmeador@indystar.com or find her on X at @marissa_meador.
This article originally appeared on Indianapolis Star: Indiana quietly scraps transparency tool, cites cybersecurity concerns
Reporting by Marissa Meador, Indianapolis Star / Indianapolis Star
USA TODAY Network via Reuters Connect

By Marissa Meador, Indianapolis Star | USA TODAY Network
