Deanna Lambert reports:
Channel 4 News has learned Social Security numbers of Metro Nashville Public Schools students were not adequately protected, and the slip-up was traced back to the lunch line.
In some Metro Schools, students can’t get lunch without going through a computer. An audit suggests that Metro Schools needs more protection and better controls for students’ sensitive information.
It particularly references student’s Social Security numbers, which are needed to verify which students receive free or reduced lunch. The audit says one employee saved a file with the numbers on a computer desktop without encrypting or protecting the file with a password.
In another case, an employee improperly granted someone else access to an unprotected folder, and databases containing the sensitive numbers were not encrypted at any level.
Now if that sounds pretty scary, the district will reassure you:
“The files that were unencrypted and that were mentioned in the audit were not at the schools; there were here at the central office,” said Fred Carr, chief operating officer of Metro Schools.
The central office, behind lock and key, is where most of student’s personal information is kept, such as sensitive student information, food service information and textbook inventories, to name a few. It can’t be reached without special access and passwords.
I’m so glad to hear that Metro Schools has an invisible shield that protects it from brute force burglaries.
Read more on WSMV.
It’s good to see more attention paid to public schools as they contain a wealth of personal and sensitive information on both students and their families. I am still waiting for an anticipated flood of breach reports from the public k-12 education subsector, but those will probably not even start trickling in until the day when the schools really start getting audited and checked to see if they’ve already been breached and just haven’t detected it.