Another data theft in the education sector. And yet again, no one did anything wrong because there was never any policy. Yesterday I added a breach to DataLossDB involving the Morgan Road Middle School in Georgia. A flash drive with unencrypted student information, including SSNs, was stolen from an teacher’s unattended car. A gradebook was…
Category: Commentaries and Analyses
When is “an excess of caution” not excessive?
Over on DataLossDB.org, I was entering a security breach notification sent by Atlanta-based Oldcastle APG, Inc. They had informed the New Hampshire Attorney General’s Office that a laptop containing over 5,000 employees’ names, Social Security numbers, and bank account information had been stolen from an employee’s car. As required by the state. they had attached a…
Six Long Island men charged with using stolen Social Security numbers in three different tax refund fraud schemes
So the U. S. Attorney’s Office for the Eastern District of New York issued a press release on December 20 describing how 6 men were indicted for their roles in three tax refund fraud schemes. The three schemes resulted in more than 11,000 false income tax returns seeking refunds up to $73 million. According the…
Inadequate security of personal, private, and sensitive Information in school districts’ mobile computing devices – audit
I’ve often pointed out my concerns that public schools – at least those in New York that I’ve been in – do not seem to have adequate security in place for the vast troves of sensitive and confidential information they collect and retain. So I was unsurprised to read that a recent Office of the…
They’re guilty of ID theft, but don’t ask the government how/where they got the personal info?
Here’s another case where it’s clear there’s been some compromise of PII, but we have no idea how from what law enforcement tells us: According to documents filed in court, Miami-Dade Police Department (MDPD) officers executed a search warrant at [Travonn Xavier Russell’s] residence on January 18, 2012. During the search, MDPD officers found the following…
Glitch imperils swath of encrypted records
Shaun Waterman reports: A widely used method of computer encryption has a little-noticed problem that could allow confidential data stored by almost all Fortune 500 companies and everything stored on U.S. government classified computers to be “fairly easily” stolen or destroyed. The warning comes from the inventor of the encryption method, known as Secure Shell or SSH. “In…