Wabash Valley Prison Inadvertently Exposes Employees
Technorati Tag: Security Breach
Date Reported:
8/4/07
Organization:
Wabash Valley Prison
Contractor/Consultant:
None
Number Affected:
Unknown
Types of Data:
Name, Social Security number, date of birth
Breach Description:
A database containing the confidential information was inadvertently moved from a secure drive that was only accessible by Human Resources to a shared directory accessible by other unauthorized, internally authenticated users. The database contained information on facility employees from 1997 to 2002. This breach did not concern access from outside the facility.
Reference URL:
www.tribstar.com/news/local_story_216000536.html
Report Credit:
The Tribune Star, Terre Haute, IN
Response:
From the article cited above:
"The database was not accessible by the general public", Rich Larsen, public information officer
"Although we consider the possibility of identity theft as a result of the breach to be minor, we recommend [employees] should have a fraud alert put on their credit files, and that is free of charge,"
"We are estimating the length of the breach to be as short as a week to up to nine months,"
Commentary:
I actually agree with the statements from Rich Larsen that it is inlikely that this breach would result in identity theft. In my opinion, the Wabash Valley Prison handled this incident exceptionally well.
Past Breaches:
None since August 2007
Date Reported:
8/4/07
Organization:
Wabash Valley Prison
Contractor/Consultant:
None
Number Affected:
Unknown
Types of Data:
Name, Social Security number, date of birth
Breach Description:
A database containing the confidential information was inadvertently moved from a secure drive that was only accessible by Human Resources to a shared directory accessible by other unauthorized, internally authenticated users. The database contained information on facility employees from 1997 to 2002. This breach did not concern access from outside the facility.
Reference URL:
www.tribstar.com/news/local_story_216000536.html
Report Credit:
The Tribune Star, Terre Haute, IN
Response:
From the article cited above:
"The database was not accessible by the general public", Rich Larsen, public information officer
"Although we consider the possibility of identity theft as a result of the breach to be minor, we recommend [employees] should have a fraud alert put on their credit files, and that is free of charge,"
"We are estimating the length of the breach to be as short as a week to up to nine months,"
Commentary:
I actually agree with the statements from Rich Larsen that it is inlikely that this breach would result in identity theft. In my opinion, the Wabash Valley Prison handled this incident exceptionally well.
Past Breaches:
None since August 2007
Posts Atom 1.0
Comments