Jayed Rahman reports on a breach that has been characterized by substandard incident response by the school district from the outset:
Superintendent Eileen Shafer’s administration spent $13,816 in public funds in its investigation of the data breach that claimed tens of thousands of school district passwords, according to public documents reviewed by the Paterson Times.
Investigation was conducted by the Pittsburgh, Penn.-based law firm Eckert Seamans Cherin & Mellott. Public records show the firm began investigating the data breach three weeks after the Paterson Times reported on the incident that claimed 23,103 account passwords and other computer access tokens.
Read more on Paterson Times. Just $13,816? Was that just for the law firm? Was any external IT or forensics firm hired to review everything and to assess the district’s infosecurity?
And why all the secrecy? This really is an abject lesson in poor incident response. And yes, I do mean “abject lesson” and not “object lesson.”