Edgewood Independent School District break-in affects 729
Technorati Tag: Security Breach
Date Reported:
10/24/07
Organization:
Edgewood (TX) Independent School District
Contractor/Consultant/Branch:
None
Victims:
Edgewood Independent School District students
Number Affected:
729
Types of Data:
"student files" including Social Security numbers.
Breach Description:
Burglars broke into the Edgewood Independent School District intermediate, middle and highschool file cabinets that contained sensitive personal information about school district students. The break-ins occurred over the weekend of October 20th and 21st, 2007.
Reference URL:
The Tyler Morning Telegraph
Report Credit:
Malena Ogles, Tyler Morning Telegraph
Response:
From the online article cited above:
"Burglars smashed glass from windows, pried open doors and climbed down a middle school's skylight to gain entry to buildings in the Rains, Kaufman, Edgewood, and Alba-Golden Independent School Districts."
"Tuesday afternoon, Edgewood Independent School District Superintendent Jack Shellnutt sent a note to parents telling them their childrens' information could have been compromised during the break-ins on Saturday and Sunday night."
"With all this identity and credit card theft we can't be too careful," he said.
"At the district's intermediate, middle and high schools, file cabinets were found ripped open, with students' paperwork scattered across offices. School administrators are not saying for sure they think the burglar's plan was to steal Social Security numbers, but they're not taking any chances."
"If we see student files lying on the floor, even if nothing was done with them, we're calling them compromised," Shellnutt said. "We didn't want some kid to find out 15 years later while applying for a car loan that they had their identity stolen."
[Comfyllama] This is a very intelligent response. Compromise does NOT have to mean that fraudulent or criminal activity occurred. Compromise to me means that confidentiality, integrity and/or availability of information cannot be assured.
"Personnel who were inside the intermediate school building a day before it was burglarized said the door to the computer lab was shut. On the morning the building was found burglarized, the lab door was open and thousands of dollars in computer equipment were unmoved and unharmed."
"They could have helped themselves, but they only got a few dollars out of the offices. They seemed to be getting into records, and we don't know the purpose behind it," Shellnutt said.
[Comfyllama] This Mr. Shellnutt speaks more intelligently about information security than some of the information security professionals do.
"Edgewood Police Chief Henry Askew said that whoever broke into the schools had access to 729 student's Social Security numbers."
"There is one master list from the intermediate school that is not accounted for, and another may have been copied from the middle school," Askew said.
"School officials said they were unable to tell if any files were copied at the high school."
"Police sent a list of compromised Social Security numbers to the United States Inspector General's Office Criminal Investigation Division for Social Security Administration."
"In the meantime, Askew and his department are writing offense reports for each of the 729 students. Once complete, a copy of the report will be sent to parents."
"We think it's better to be safe than sorry," Askew said.
Commentary:
Overall, I am impressed with the school district's response to this breach. It would have been all too easy to assume that no information was at risk or "compromised". The school district understands that this information does NOT belong to the district, but belongs to the students, which is refreshing. Physical security is often segregated from the discipline of information security, but the goals and how they relate to the protection of information are the same.
One question that comes to mind is why does the school district need to store Social Security numbers in the first place?
Past Breaches:
Unknown
Date Reported:10/24/07
Organization:
Edgewood (TX) Independent School District
Contractor/Consultant/Branch:
None
Victims:
Edgewood Independent School District students
Number Affected:
729
Types of Data:
"student files" including Social Security numbers.
Breach Description:
Burglars broke into the Edgewood Independent School District intermediate, middle and highschool file cabinets that contained sensitive personal information about school district students. The break-ins occurred over the weekend of October 20th and 21st, 2007.
Reference URL:
The Tyler Morning Telegraph
Report Credit:
Malena Ogles, Tyler Morning Telegraph
Response:
From the online article cited above:
"Burglars smashed glass from windows, pried open doors and climbed down a middle school's skylight to gain entry to buildings in the Rains, Kaufman, Edgewood, and Alba-Golden Independent School Districts."
"Tuesday afternoon, Edgewood Independent School District Superintendent Jack Shellnutt sent a note to parents telling them their childrens' information could have been compromised during the break-ins on Saturday and Sunday night."
"With all this identity and credit card theft we can't be too careful," he said.
"At the district's intermediate, middle and high schools, file cabinets were found ripped open, with students' paperwork scattered across offices. School administrators are not saying for sure they think the burglar's plan was to steal Social Security numbers, but they're not taking any chances."
"If we see student files lying on the floor, even if nothing was done with them, we're calling them compromised," Shellnutt said. "We didn't want some kid to find out 15 years later while applying for a car loan that they had their identity stolen."
[Comfyllama] This is a very intelligent response. Compromise does NOT have to mean that fraudulent or criminal activity occurred. Compromise to me means that confidentiality, integrity and/or availability of information cannot be assured.
"Personnel who were inside the intermediate school building a day before it was burglarized said the door to the computer lab was shut. On the morning the building was found burglarized, the lab door was open and thousands of dollars in computer equipment were unmoved and unharmed."
"They could have helped themselves, but they only got a few dollars out of the offices. They seemed to be getting into records, and we don't know the purpose behind it," Shellnutt said.
[Comfyllama] This Mr. Shellnutt speaks more intelligently about information security than some of the information security professionals do.
"Edgewood Police Chief Henry Askew said that whoever broke into the schools had access to 729 student's Social Security numbers."
"There is one master list from the intermediate school that is not accounted for, and another may have been copied from the middle school," Askew said.
"School officials said they were unable to tell if any files were copied at the high school."
"Police sent a list of compromised Social Security numbers to the United States Inspector General's Office Criminal Investigation Division for Social Security Administration."
"In the meantime, Askew and his department are writing offense reports for each of the 729 students. Once complete, a copy of the report will be sent to parents."
"We think it's better to be safe than sorry," Askew said.
Commentary:
Overall, I am impressed with the school district's response to this breach. It would have been all too easy to assume that no information was at risk or "compromised". The school district understands that this information does NOT belong to the district, but belongs to the students, which is refreshing. Physical security is often segregated from the discipline of information security, but the goals and how they relate to the protection of information are the same.
One question that comes to mind is why does the school district need to store Social Security numbers in the first place?
Past Breaches:
Unknown
Posted by Evan Francen at 10/31/2007 12:39 PM 
Categories: Intrusion, Edgewood Independent School District
Categories: Intrusion, Edgewood Independent School District
Posts Atom 1.0
I have read about this case and I ask you people: this burglary seems to me like a hired hit for some files to disappear. Tell me that I am wrong but that would take serious arguments coming from you.
Reply to this