Marianne Kolbasuk McGee reports:
Tens of thousands of documents containing personal information of special education students within New York City’s public school system were held in an unsecured database exposed to the internet.
Researcher Jeremiah Fowler of security services firm Security Discovery told Information Security Media Group he found the unsecured database in mid-February and immediately notified Encore Support Services, the apparent owner of the database. The database has since been secured, Fowler said.
Read more at GovInfoSecurity.
Would this be an appropriate time to note — once again — that the NYC Comptroller’s Office does not appear to have conducted any audit or re-audit of the education department’s IT security or data center controls since — wait for it: 2004. Or if they have, I sure can’t find any evidence of a report on the Comptroller’s web site. Maybe some NY Post or NY Times or Daily News reporter should ask the Comptroller why they haven’t audited the department for data security controls.
And no, if you’re think that the state comptroller would conduce the audit, they wouldn’t. This is the city’s turf for these purposes.