Cuesta College breach led to drug bust

June 17, 2015
Lacey and Chad Fowler

Lacey and Chad Fowler


While serving a search warrant at the home of a Cuesta College Human Resources analyst suspected of misappropriation of employee personal information, investigators discovered more than four pounds of methamphetamine and heroin.

On May 31, a Cuesta College employee allegedly breached the campus data system and then emailed employee names, home addresses, email addresses, phone numbers and Social Security numbers to her private email account. A week after the theft, campus police became aware of the breach and asked the San Luis Obispo District Attorneys Office for assistance.

On June 11, Cuesta College Police officers and SLO District Attorney investigators searched the Paso Robles home of Lacey Fowler, a Cuesta College analyst, and her husband Chad Fowler, campus sources said.

Inside a storage unit at the residence on the 3000 block of Creston Road, investigators discovered 5 pounds of methamphetamine and 7.1 ounces of black tar heroin, reportedly worth about $27,000. Retired sheriff deputy Micheal Wasley, a relative of Lacey Fowler, owns the property.

Campus police then called in SLO County Sheriff’s narcotics investigators to assist. Sheriff deputies arrested Chad Fowler on charges of possession of heroin for sale and possession of methamphetamine for sale, with an enhancement for possessing more than one kilo of methamphetamine.

Chad Fowler remains in the San Luis Obispo County Jail with bail set at $200,000, according to the sheriff’s website.

Shortly after the search of the Fowlers’ home, Cuesta College President Gil Stork informed employees through an email of the breach of their personal information. Stork also warned employees to take precautions to protect themselves from the breach noting that college officials would follow up with suggestions.

Lacey Fowler is currently on approved medical leave, said Millisa Richerson, Cuesta College’s executive director of human resources and labor negotiations. Richerson would not comment on the identity of the employee responsible for the data theft because of employee confidentiality.

Don’t miss links to breaking news, like CCN on Facebook.

Inline Feedbacks
View all comments

I disagree, yes vetting an potential employee is a must but having a network that allows sending data to a private email account is a security problem. Networks can and should be secure, restricting access, limiting sending of data, prohibiting certain task, like sending data to a private email address. The IT department at Cuesta needs a some new personal because the current one is not doing its job, there was a failure and someone is responsible, not just Fowler.

I understand what you’re saying regarding downloading to an e-mail account. I read the Tribune and was surprised to read that Lacey not only had remote access from her home computer but also was able to access unauthorized data. Yes, there is a problem with the IT department implementing proper security as well as the vetting process in HR.

According to the Tribune “Court records show that Lacey Fowler was convicted of felony burglary and forgery in an October 2007 case in San Luis Obispo County. Details on that case are no longer public, as Fowler applied for and was successful in having the convictions expunged from her record in November 2011”.

It would be interesting to know how long Fowler has worked at Cuesta. Was she hired without the College knowing of the former crime, or was she convicted of the crime while working at Cuesta?

At the very minimum, Cuesta College should be responsible to pay the $10.00 charge to the credit reporting bureau for every employee, present & past to freeze any new activity on their credit report. That is certainly not too much to ask being that it is their fault for not securing confidential information better.

I would agree as long as the money comes out of some departments existing budget instead of crying for the taxpayers to pay for someone’s fault at not securing the data.

I don’t think it was necessarily a problem with securing the data. Keep in mind that someone has to have access to the personnel records and that would be HR. The problem is with vetting who works in HR and who has access and in this case, a person with a record for felony burglary and forgery should not be in a position to access any financial data, public data, personnel data or individuals personal data regarding anything. While the details of the record is expunged the fact that it exist is still public record. The HR Director didn’t do her job.