DHS notified the Greenville County School District of compromise
Date Reported:
12/20/2007 (backdated from writing on 1/7/08)
Organization:
Greenville County School District
Contractor/Consultant/Branch:
None
Victims:
Employees
Number Affected:
Not disclosed*
*The Greenville County School District has an estimated 9,089 employees
Types of Data:
Names, Social Security numbers, and telephone numbers
Breach Description:
The U.S. Department of Homeland Security notified the Chief Information Officer of the State of South Carolina of suspicious activity involving Greenville County School District data. A malicious program had been installed on a computer used by the school district's benefits department that captured sensitive personal information belonging to certain school district employees.
Reference URL:
News Channel 7 Story
WYFF Channel 4 News Story
Report Credit:
News Channel 7
Response:
From the online sources cited above and the letter sent to affected individuals:
Greenville County Schools was informed by the Chief Information Officer of the State of South Carolina (SC CIO) that the U.S. Department of Homeland Security has identified suspicious activity involving district data.
Unknown to the School District or that employee, a malicious program had been electronically transmitted into a Benefits Department computer by an outside source.
An investigation has identified your personal information as part of the data theft.
Greenville County Schools is one of several government entities recently affected by the compromise of personal information reported to the SC CIO. Local law enforcement, the State Law Enforcement Division (SLED), and the US Secret Service are conducting an investigation.
[Evan] Wouldn't it be nice to know who the "several government entities" are? It appears that the data in the breach was compromised through a virus. I can only imagine the number of school computers nationwide that are infected.
When the Benefits Department computer was used to access state insurance information, the malicious software program captured your name, social security number, and telephone number.
[Evan] Captured and transmitted, or just captured?
We continue to work with state and federal law enforcement regarding this matter. You will be notified when additional information is available. If you have questions, please contact me at 355-1182.
[Evan] The "me" is James S. McCutcheon, Director of Disbursement Services
From the FAQ included with the breach notification:
Q. Why did this happen to me?
A. This is a random crime. We have no reason to believe that any specific individual was targeted.
Q. How did the U.S. Department of Homeland Security detect this incident?
A. The U.S. Department of Homeland Security continually monitors “.gov” internet traffic for possible criminal and terrorist activity. The Benefits Department accesses a “.gov” website to manage benefits information.
Victim Reaction:
"As a former employee, what amazes me is that the news just broke, and the district offices are closed! There is no one for me to contact about whether my records may have been stolen as well. If it wasn't for this site, I wouldn't know about their recommended steps." - Will
Commentary:
This is an interesting breach in that the Department of Homeland Security (DHS) noticed and reported it. I assume that the DHS runs network IDS/IPS and this is how it was detected. IDS/IPS takes a considerable amount of tuning and attention. A good IDS/IPS specialist follows up on anomalies rather than just tuning the alert out. Good work on the part of DHS.
Past Breaches:
Unknown
