Kiski Area School District stolen laptop
Technorati Tag: Security Breach
Date Reported:
10/16/07
Organization:
Kiski Area School District
Contractor/Consultant/Branch:
None
Victims:
Kiski Area School District teachers and administrators
Number Affected:
Unknown*
*According to the school district web site "The district has a staff of approximately 400 and serves about 4,800 students."
Types of Data:
"personal information and Social Security numbers"
Breach Description:
A laptop was stolen from a Kiski Area School District administrator's car in "broad daylight" that contained sensitive personnel information about district teachers and administrators.
Reference URL:
The Pittsburgh Tribune-Review Report
ThePittsburghChannel.com Report
Report Credit:
ThePittsburghChannel.com
Response:
From the online resources cited above:
"Authorities and Kiski Area School District officials are investigating the theft of a district laptop that contained personnel information, including Social Security numbers, a district official said."
"Assistant Superintendent James R. Dick said the theft happened "during broad daylight" on Oct. 6 in Wilkinsburg or Edgewood"
"According to a letter Dick sent to teachers and administrators on Oct. 9, the laptop was stolen from an administrator's car."
"Dick said the laptop was in the administrator's car because she planned to return to the school district to work."
[Comfyllama] If the Kiski Area School District does not know how or refuses to secure laptops, then DON'T USE THEM!
"In his letter, Dick wrote: "We are reporting this incident to you because we believe that some of your personal information may have been contained on that computer. Accordingly, the stolen computer may have had the Social Security numbers for some teachers and administrators."
"He said the computer was password protected and that often in similar instances, the thieves simply steal laptops to sell them."
[Comfyllama] Where have I heard this before? Again I tell you, password protection is little more than no protection. Mentioning it is almost an insult to the intelligence. The mentality that thieves steal laptops for the hardware is "old school". Thieves are increasingly stealing laptops for the value of the information they contain.
Commentary:
This is another case of a stolen or lost laptop containing sensitive information that was not properly secured with encryption. Although laptop computers can greatly improve the efficiency of employees, the risks outweigh the benefit when security is not taken into consideration. The two obvious issues that I have with this breach are:
Past Breaches:
Unknown
Date Reported:10/16/07
Organization:
Kiski Area School District
Contractor/Consultant/Branch:
None
Victims:
Kiski Area School District teachers and administrators
Number Affected:
Unknown*
*According to the school district web site "The district has a staff of approximately 400 and serves about 4,800 students."
Types of Data:
"personal information and Social Security numbers"
Breach Description:
A laptop was stolen from a Kiski Area School District administrator's car in "broad daylight" that contained sensitive personnel information about district teachers and administrators.
Reference URL:
The Pittsburgh Tribune-Review Report
ThePittsburghChannel.com Report
Report Credit:
ThePittsburghChannel.com
Response:
From the online resources cited above:
"Authorities and Kiski Area School District officials are investigating the theft of a district laptop that contained personnel information, including Social Security numbers, a district official said."
"Assistant Superintendent James R. Dick said the theft happened "during broad daylight" on Oct. 6 in Wilkinsburg or Edgewood"
"According to a letter Dick sent to teachers and administrators on Oct. 9, the laptop was stolen from an administrator's car."
"Dick said the laptop was in the administrator's car because she planned to return to the school district to work."
[Comfyllama] If the Kiski Area School District does not know how or refuses to secure laptops, then DON'T USE THEM!
"In his letter, Dick wrote: "We are reporting this incident to you because we believe that some of your personal information may have been contained on that computer. Accordingly, the stolen computer may have had the Social Security numbers for some teachers and administrators."
"He said the computer was password protected and that often in similar instances, the thieves simply steal laptops to sell them."
[Comfyllama] Where have I heard this before? Again I tell you, password protection is little more than no protection. Mentioning it is almost an insult to the intelligence. The mentality that thieves steal laptops for the hardware is "old school". Thieves are increasingly stealing laptops for the value of the information they contain.
Commentary:
This is another case of a stolen or lost laptop containing sensitive information that was not properly secured with encryption. Although laptop computers can greatly improve the efficiency of employees, the risks outweigh the benefit when security is not taken into consideration. The two obvious issues that I have with this breach are:
- Why did the school district permit sensitive information to be stored on a mobile device? There are numerous alternatives that must not have been taken under consideration.
- Why wasn't the laptop encrypted? We advise that all laptops be encrypted regardless of whether or not they store and/or access confidential information. It is always better to be safe than sorry. Build the price of encryption ($90 - 175/seat) into the overall price of the laptop.
Past Breaches:
Unknown
Posts Atom 1.0
Comments