DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

TX: 14,000 Midland ISD students risk identity theft because of sloppy security

Posted on February 4, 2014 by Dissent

From the oh-FFS-dept.:

AP reports:

The identity information of 14,000 past and present Midland Independent School District students has been compromised by a computer theft.

Midland school Superintendent Ryder Warren says a laptop computer and external hard drive containing the information was stolen from the back of a district administrator’s car on Jan. 23. He says the information includes birthdates and Social Security numbers of all current students from seventh grade through high school seniors, along with graduates dating to the class of 2008.

Read more on NBCDFW.

In a February 3rd media notice linked from the district’s homepage as “Unauthorized Information Release Announcement,” Superintendent Warren writes:

 Please be aware that Midland ISD is notifying parents and guardians of an unauthorized information release of selected current and former students’ information.

A computer theft caused the information breach, and MISD is working with the Midland Police Department following the incident.

Current and former MISD students’ Social Security numbers and dates of birth could potentially be used fraudulently. MISD encourages students and/or families to place a fraud alert on their credit lines and to contact at least one of the three major credit bureaus (Equifax, Experian, or TransUnion Corp.). Please see the attached letter for more information. 

As the superintendent of schools, I deeply apologize for any inconveniences that may result from the theft. We are reviewing (and if needed – changing) all district-wide safety measures to help further ensure the security of confidential information in the future. MISD prioritizes the privacy and safety of students and families.

The January 31st notice to parents begins:

To current and former MISD parents or guardians,

This letter is being sent to you as a formal notice that personal information relating to your student, and maintained in a database by Midland ISD, may have been compromised by a recent theft. This notice constitutes the disclosure required under Section 521.053 of the Texas Business & Commerce Code.

On January 23, 2014, MISD was informed that a computer and an external hard drive which contained sensitive personal identifying information was stolen. A police report was immediately filed. MISD believes your student’s name, Social Security number and date of birth may have been contained within the files on the external hard drive.

At this time, MISD has no knowledge that your student’s name or personal identifying information has been accessed or misappropriated.

As part of the report to the Midland Police Department, we reported all of the names of those who could be affected. Your student’s name was included in this group reporting process. By reporting as a group, individually submitted police reports are not necessary.

Possible use of your student’s personal identifying information by unauthorized individuals may result in financial loss to your student. Please refer to the following web sites for helpful information:

[…]

Read more of the notices here (pdf).

Neither of those notices happens to mention that the theft occurred from a district administrator’s car. Nor is there any mention of any disciplinary action taken against the administrator who left the devices in a vehicle. Was the administrator violating any established policy or was there no policy in place that says, “Hey, dummy, don’t leave PII lying around?”

Yes, I’m irked. This is really inexcusable that 14,000 students and their families now have to worry about identity theft because of slack practices by a district administrator.

Category: Commentaries and AnalysesEducation SectorOf NoteTheftU.S.

Post navigation

← FL: Former Mount Sinai Medical Center Temporary Employee Sentenced In Identity Theft Tax Refund Scheme Involving The Theft Of Patient Information
Target Accelerates Implementation of Chip-Enabled Smart Card Technology to Protect Consumers from Fraud →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials
  • Proposed class action settlement in In re Netgain Technology litigation

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.