DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

New York State Comptroller DiNapoli Releases School District Audits

Posted on January 29, 2022 by Dissent

The state comptroller has released two more school district audits of information technology.

Putnam Valley Central School District – Information Technology (2021M-154)

Audit Period July 1, 2019 – May 31, 2021. We extended the audit period forward through July 28, 2021 to complete IT testing.

Quick District Facts

  • Local User Accounts 2,626
  • Employees 502
  • Student Enrollment 1,595

Audit Objective

Determine whether Putnam Valley Central School District’s (District) officials ensured information technology (IT) systems were adequately secured and protected against unauthorized use, access and loss.

Key Findings

District officials did not ensure IT systems were adequately secured and protected against unauthorized use, access and loss. Officials did not adopt a password security policy or manage the use of administrative accounts. As a result, the District has an increased risk of unauthorized use or access that could result in important data loss and a serious interruption in operations. Officials did not:

  • Adopt an adequate password security policy to address password requirements.
  • Create secondary user accounts for the IT system for three employees whose job responsibilities required administrative permissions, to be used for non-administrative activities.

In addition, sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Adopt comprehensive password security policy to address password requirements.
  • Assess all local user accounts with administrative permissions and create secondary accounts to be used for non-administrative activities.

District officials generally agreed with our recommendations and indicated they planned to take corrective action.

Read the full report (pdf)


Hudson City School District – Information Technology (2020M-157)

Audit Period July 1, 2018 – January 31, 2020

Quick District Facts

  • Network User Accountsa  3,292
  • Computers 778
  • Total Paid to IT Service Provider $142,209
  • Employees and Students for the Hudson City School District 692
  • Students 1,816
    a These included 462 employee, 2,786 student and 44 generic accounts.

Audit Objective

Determine whether Hudson City School District (District) officials ensured information technology (IT) systems were adequately secured against unauthorized use, access and loss.

Key Findings

District officials did not adequately secure and protect the District’s IT systems against unauthorized use, access and loss. The Board and District officials did not:

  • Adopt adequate IT policies or a disaster recovery plan.
  • Ensure the acceptable use policy (AUP) was complied with, monitor the use of IT resources or provide IT security awareness training. We found questionable Internet use on four of six computers tested.
  • Disable 123 of the 462 enabled network accounts we examined. These 123 user accounts were unneeded and included generic and former employee accounts.

Sensitive IT control weaknesses were communicated confidentially to officials.

Key Recommendations

  • Adopt comprehensive IT policies and a disaster recovery plan, and provide periodic IT security awareness training to all employees who use IT resources.
  • Develop written procedures for managing system access.

Read the full report (pdf)

Related posts:

  • Audits of New York schools and the State Education Department reveal ongoing significant concerns
  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • New York State School District Audits Released in June
  • Recent NYS audits of K-12 school districts’ infosecurity
Category: Commentaries and AnalysesEducation Sector

Post navigation

← UK: Data breach at Greensward Academy
US DoD staffer with top-secret clearance stole identities from work systems to apply for loans →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.