DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

The Maricopa County Community Colleges District data breach investigation they didn’t want us to see

Posted on September 30, 2014 by Dissent

In January 2011, DataBreaches.net reported that login credentials for the Maricopa County Community Colleges District (MCCCD) were up for sale on the black market. That month, the FBI also contacted Maricopa to alert them to the breach. In response to the incident, MCCCD brought in Stach & Liu (now Bishop Fox) to investigate and make recommendations.

Following MCCCD’s  second – and massive – data breach in 2013, this blogger filed a formal complaint with the FTC (pdf) asking them to investigate MCCCD’s data security and to take action to protect the financial and personal information of students, vendors, and staff. Yesterday, EPIC filed a supplemental complaint (pdf), also calling on the FTC to investigate and take action against MCCCD to protect personal information.

Today, in the first of what is expected to be a series of reports, DataBreaches.net is disclosing what Stach & Liu found in their preliminary investigation of the 2011 breach. In February 2011, they reported that the Application level, they found:

  • Comprehensively insecure code with systemic critical flaws like file inclusion and injection
  • Hundreds of attacks per month as far back as analysis was performed for file inclusion and SQL injection; and
  • No secure coding practices identified whatsoever

For the compromised web server, they found:

  • All LAMP systems are running out-of-date versions
  • 5 LAMP servers were backdoored with web shells
  • Up to 29 virtual hosts were stored on a single server
  • Blank passwords SSH keys were used to connect between systems; and
  • Shared filesystems were used bewteen public web servers

Their findings from investigation at the database level revealed:

  • 29% of passwords were re-used
  • 21% of passwords were cracked in seconds
  • 2 databases were poisoned with credentials to FTP
  • Up to 140 databases were stored on a single server; and
  • Databases dating back to 2000 used cleartext or unsalted passwords with FILE privileges

Note: the databases referred to above were those residing on the compromised webservers and other virtual servers. These servers were managed by the server team and MCCCD’s Marketing Department – not the employees MCCCD subsequently fired and tried to blame for everything.

The Stach & Liu report pointed out the consequences of what they had found:

  • MCCCD had already experienced a data breach and loss
  • MCCCD systems had been included in a botnet
  • Backdoors were installed on servers
  • Servers had been abused for Pharma marketing (spam); and
  • MCCCD could experience brand and reputation damage

Stach & Liu made a number of recommendations for next steps in terms of assessment and remediation. As subsequent posts will illustrate, documents provided to DataBreaches.net – most of which have not been shared with the public under open records requests – indicate that MCCCD never fully implemented the recommendations of its consultants, its own employees, or state auditors who, year after year, noted data security control concerns.

Category: Commentaries and AnalysesEducation SectorU.S.

Post navigation

← Four hackers charged with stealing $100m in US army and Xbox technology
Miami-Dade County Resident Sentenced For Identity Theft Schemes Involving Fraudulent Social Security Benefits And Income Tax Refunds →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government
  • St. Cloud Provides Update on Ransomware Attack in 2024
  • Bradford Health Systems detected abnormal network activity in December 2023. They first sent out breach notices this week.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans
  • The US Is Storing Migrant Children’s DNA in a Criminal Database

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.