Theft from vendor affects Modesto City Schools employees

Date Reported:
2/11/08

Organization:
Modesto City Schools

Contractor/Consultant/Branch:


Victims:
School district employees

Number Affected:
3,500

Types of Data:
Names, addresses, birth dates and Social Security numbers

Breach Description:
A computer hard drive containing sensitive personal information belonging to Modesto City School district employees was stolen from Systematic Automation Inc. in Fullerton, California.  Systematic Automation Inc. prints annual benefits summaries for employees.

Reference URL:
The Modesto Bee online story
KCRA Channel 3 News story
ABC News Channel 10 story

Report Credit:
KCRA Channel 3 News

Response:
From the online sources cited above:

All 3,500 employees were affected by the breach, which happened after a computer drive with names, addresses, birth dates and Social Security numbers was stolen from a Southern California data processing firm in Fullerton.

Systematic Automation Inc. prints benefits information for employees including health benefits for the district.

The hard drive and three monitors were stolen at 4:30 a.m. in a "window smash" burglary, said Sgt. Linda King with the Fullerton Police Department.

An e-mail was sent out to all affected employees.

Snelling said the district sent the employee information in an encrypted format to Systematic Automation, where it apparently was stored on the computer in an unencrypted format.
[Evan] Good and bad.  Good that the school district encrypted the information before sending it out.  Bad that the school either did not communicate its security expectations well or did not enforce them through regular audits of vendors.

"We want to do the accountable thing, which is to let everyone know so they can take their own steps to protect themselves," Modesto City Schools Superintendent Arturo Flores said.

Director of Business Services Dennis Snelling said no cases of identity theft connected with the data breach have been reported.

"We’re keeping an eye out," Snelling said. "We want our people to be able to protect themselves."

Snelling said other agencies had their data compromised in the theft, but he did not have details.
[Evan] Not cool.

Snelling sent a memo by e-mail and hard copy on paper just before 2 p.m. to warn employees and provide information about how to monitor for fraud.

District officials said they plan to look into the security practices of each agency to which employee information is sent.
[Evan] Excellent addition to their practices.  Vendors and contractors are extensions of the organization.

"We’d certainly be taking that up with Systematic Automation," he said. Employees with concerns can contact Louise Baker, supervisor of payroll and benefits, at 576-4192.

Victim Reaction:
"There are a lot of very unhappy people," said Ray Duran, vice president of the Modesto Teachers Association. "I just hate to think all my stuff is out there. We know these things happen. We just hope the district will find a way to remedy the problem."
[Evan] Unfortunately, there is little remedy for exposed information.  Once information has been exposed, it stays exposed.

Sonoma Elementary teacher Judy Pierce said she was pleased at how quickly the district notified district employees and provided steps to help prevent identity theft.

"I think all of us hope in our lifetime we won’t be faced with these issues," Pierce said. "But (the district) gave us an entire two pages of steps of who to go to, who to contact. It made it very, very easy for us to follow through on it."

Commentary:
I am actually impressed with how well the school responded to this breach.  It appears that they notified employees in a timely manner.  The school also appears to know a thing or two about information security as demonstrated by encrypting the data and now recognizing the importance of evaluating vendor security practices.

March 12, 2008 - UPDATE: A computer stolen from Systematic Automation is found

Past Breaches:
Unknown


 