Jake Tapper reports that some organizations still haven’t patched Oracle, leaving sensitive information at risk of hacking:
This month, [researchers] found that a weakness in Oracle’s software – that the company discovered in 2012 and provided a patch for – still remains a huge vulnerability to any customer that missed or ignored that news.
Seely says at risk is the sensitive information from databases belonging to 20 government-related agencies, 100 schools K-12, and 50 institutions of higher learning, affecting hundreds of thousands, if not millions of people, he says.
He said, “You could completely steal someone’s identity and assume someone else, and take money out of their accounts, you could file legal documentation, you could take out business loans, the sky’s the limit.”
They also easily accessed the records of the Texas Department of Family and Protective Services.
Seely said, “That is a department that had records of parents, the children, the situation of the living environment of the child, things that the child had gone through. It’s a little rattling.”
In a statement to CNN, the department acknowledged not only that the records had been vulnerable, but that they were breached. They said: “the database has been shut down, and testing so far has found a limited data breach affecting fewer than 30 individuals. Anyone whose information was compromised is being notified and credit monitoring/identity restoration services will be provided at state expense.”
Read more on CNN.
Remind me: what federal agency enforces data security in k-12 and in higher education? Oh, that’s right: no federal agency does.