DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NY Comptroller Audit: Mount Pleasant Central School District – Information Technology User Accounts (2021M-31)

Posted on July 24, 2021 by Dissent

When, if ever, will there be actual consequences for school districts that still do not practice basic security hygiene?  Comptroller DiNapoli has released yet another k-12 district IT audit where the  are results so bad that they won’t make them public.  From the state’s summary:

Audit Objective

Determine whether Mount Pleasant Central School District (District) officials established adequate controls over user accounts in order to prevent unauthorized use, access and/or loss.

Key Findings

District officials did not establish adequate controls over the District’s user accounts to prevent unauthorized use, access and/or loss. Officials did not:

  • Monitor compliance with the District’s acceptable use policy (AUP).
  • Adequately manage network user accounts.

Sensitive information technology (IT) control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Develop and implement procedures to monitor compliance with the AUP.
  • Develop written procedures for managing system access that include periodically reviewing user access and disabling network user accounts when access is no longer needed.
  • Evaluate all existing network accounts, disable any deemed unnecessary and periodically review for necessity and appropriateness.

District officials generally agreed with our recommendations and initiated or indicated they plan to initiate corrective action.

Read the full report here, but the worst stuff is not in that, either.

Category: Commentaries and AnalysesEducation Sector

Post navigation

← Tokyo 2020 reportedly suffers ticket-related data breach
Education Industry at Higher Risk for IT Security Issues Due to Lack of Remote and Hybrid Work Policies →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.