DataBreaches.Net


No one’s to blame? I beg to disagree.

Posted on January 8, 2013 by Dissent

Another data theft in the education sector. And yet again, no one did anything wrong because there was never any policy.

Yesterday I added a breach to DataLossDB involving the Morgan Road Middle School in Georgia. A flash drive with unencrypted student information, including SSNs, was stolen from a teacher’s unattended car. A gradebook was also stolen. In his statement to the media, Richmond County School System Superintendent Frank Roberson said that the information in the teacher’s possession was not unusual. I agree, but why was the District using Social Security numbers instead of non-SSN identifiers? Does a teacher really need to know students’ SSNs? But here’s the part that really rankled:

Dr. Roberson says bottom line, the teacher did not break policy and because of that will not face consequences.

If there was no policy that said “Don’t leave unencrypted student information in unattended vehicles,” then I agree the teacher cannot be disciplined. But the school district should be in pillories.

Then lo and behold, there’s another news story this morning about how 60 80 Charlotte-Mecklenburg Schools employees in North Carolina have been warned to be on guard against identity theft after files containing their personal data were stolen from a human resource employee’s car.

The personnel files, which contained names, addresses, Social Security numbers, dates of birth and driver’s license numbers, were stolen Nov. 28, when the HR employee stopped for lunch, CMS spokeswoman Tahira Stalberte said. She said a CMS investigation determined that the employee, who was driving from one district office to another, did nothing wrong.

If no one is doing anything wrong by leaving personal information that could be used for ID theft in unattended vehicles, then the school districts are responsible for their failure to implement reasonable security policies, the states are responsible for not auditing the districts and sending a clear message about protection of data, and the U.S. Department of Education is responsible for not promoting regulations that would adequately protect the personal, private and sensitive information of students and employees.

No one’s to blame? I think there’s a lot of blame to go around. And it’s more than high time parents and employees insisted on adequate data security.

Category: Breach Incidents, Commentaries and Analyses, Education Sector, Of Note, Theft, U.S.


4 thoughts on “No one’s to blame? I beg to disagree.”

  1. IA Eng says:
    January 8, 2013 at 12:48 pm

    Ahhhh another Security by obscurity. These “simple folk” – for lack of other kind words don’t have a clue. Anywhere in the US – or the world for that matter – teachers can be ripe targets to steal from. All it takes is an observant thief that watches a handful of teachers leave the building to see who might be carrying laptops, tablets or flash drives.

    They don’t get it. Kids’ PII is more important than adults’. Their data could very well be used for nearly a decade before they even have a clue what a credit report is, or what a dependent on an IRS form actually is.

    It’s more of an “I don’t care” attitude than anything else. There is no care in these types of cases. No attention to detail. Customer service ends when the teachers leave the classrooms. They supposedly are overworked and underpaid – though they have more time off than any other profession I know of.

    How can the people fight this sort of lax mentality? The people voted in the superintendent of schools. They need to bring these sorts of issues up and fire them and elect someone that’s going to be able to do their job. Any change will apparently be better. Chances are it can’t get much worse.

    Each parent needs to individually file a complaint to the State Board of Education. Since this is unacceptable, they need to push this crap back up the chute so the people who are supposedly responsible for this get to smell what the outcome could eventually be.

    The identity information doesn’t change much. Someone could sit on this data for YEARS and then at the “right opportunity” start using or selling it. Backtracking the true source of PII information can be very painful.

    I hope the Feds get involved. I know they have bigger things to worry about, but someone should call them and have them read the information and then call them and read them the riot act.

  2. Don Moffett says:
    January 9, 2013 at 3:29 pm

    Clearly our educators are missing all the “teachable” moments as the data breaches of education facilities continue. In some instances, such as the University of North Carolina, they have had multiple “teachable” moments. I have said it before, until there are financial penalties this behavior will not change.

    1. admin says:
      January 9, 2013 at 3:40 pm

      Ironically, UNC itself tried to impose penalties by demoting the researcher in the mammography database breach. Why haven’t they demoted themselves over all the other breaches? Maybe I should draft a FOI request parents can send to their school boards to request copies of relevant policies and a draft statement to be read at school board meetings to get districts to address their woeful lack of security. Hmmm…

  3. Don Moffett says:
    January 9, 2013 at 7:42 pm

    I think it is time for accountability. Companies are not holding CIOs or CSOs responsible. They need to be fired. The technology is available to prevent 98% of the breaches, IT and Security leaders are not protecting company assets like they should!

    Companies need to be held accountable and that means financially. Companies and the government should have to pay each consumer a fee every time they disclose their data and let the individual decide if they want to spend it on credit protection.
