Central Piedmont Community College Former Employee Breach
Date Reported:
9/21/07
Organization:
Central Piedmont Community College
Contractor/Consultant:
None
Victims:
Central Piedmont Community College employees
Number Affected:
2,600
Types of Data:
"private employee information like social security numbers, birth dates and addresses"
Breach Description:
A former employee of Central Piedmont Community College "may" have accessed the private information of the college's employees. The former employee worked at the college for less than a month. An investigation continues.
Reference URL:
Charlotte Observer Online Story
Carolina Channel 14 Online
Report Credit:
Lisa Reyes, Carolina Channel 14 News
Response:
From the online resources referenced above:
"Central Piedmont Community College is investigating whether a former employee improperly accessed personal information of fellow workers, including Social Security number, addresses and birth dates."
[Comfyllama] At this point it is not clear whether the former employee actually did access the data. A current employee reported the incident to CPCC officials, but it is unknown whether the story is credible.
"It's not believed student data was compromised, a CPCC spokeswoman said."
"The college sent e-mails and letters Thursday and Friday to its nearly 2,600 employees warning of the incident."
"We don't know that (the information) was used improperly," spokeswoman Jerri Haigler said Sunday. "But because there was a possibility, we wanted to send the information out to our employees as a precautionary measure."
[Comfyllama] Seems prudent.
"The employee worked at CPCC for less than a month and left last Tuesday, Haigler said. She said officials could not say what department the former employee worked in because it was a personnel matter. But she said the person worked in an area that typically would have access to employee information."
[Comfyllama] I am speculating here, but it seems as though the former employee's remote access (VPN) privileges and user account may not have been disabled upon termination. It doesn't sound like a circumvention of authentication or privileges.
"“This kind of thing is surprising here,” said John Cone, an employee of the college. He said information security at CPCC is typically very tight."
"Employees were given information about obtaining free credit reports in light of the incident."
Commentary:
There are not many details around this breach. If my assumptions are correct, then this breach emphasizes the importance of good "off-boarding" procedures. All companies should have off-boarding procedures for both amicable and non-friendly terminations. As details of the investigation come out, my assumptions will be either validated or voided. Stay tuned.
Past Breaches:
Unknown