Clovis Unified School District employees receive notice
Technorati Tag: Security Breach
Date Reported:
2/16/08
Organization:
Clovis Unified School District
Contractor/Consultant/Branch:
*
*This breach is related to:
"Theft from vendor affects Modesto City Schools employees" dated 2/12/08, and
"L.A. Dept. of Water of Power employees exposed" dated 2/19/08
Victims:
Employees
Number Affected:
~4,000**
**Over 15,000 total (and counting)
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
Computer equipment was stolen from a Clovis Unified School District vendor, Systematic Automation that contained sensitive personal information belonging to employees of the district. Systematic Automation manages employee benefit information, and the district is the third reported organization affected by the loss.
Reference URL:
CBS Channel 47 News online story
The Fresno Bee online story
Report Credit:
CBS Channel 47 News
Response:
From the online sources cited above:
Clovis Unified School District employees were notified that a computer stolen this week from a Fullerton company contained personal information -- including Social Security numbers -- for about 4,000 district employees.
police do not believe the intent of the burglary was to steal identity information
[Evan] I don't know how you would determine intent based on the limited information available. At some point in time thieves are going to figure out that there is a heckuva lot more to gain by using the stolen information than there is in the pawning off the hardware.
Fullerton police say the computers are password protected but that doesn't mean the code can't be cracked
[Evan] This is very true. Most Windows passwords can be bypassed in less than five minutes.
the district has recommended that employees establish fraud alerts on their credit files
The district also held two fraud-prevention seminars for employees Wednesday, with seven more planned during the next week.
Employee information for Clovis Unified and 15 other organizations was jeopardized when Systematic Automation of Fullerton was burglarized about 4:30 a.m. Monday.
[Evan] Wow. 15 organizations and their employees are at risk due to one breach. We know of at least three; Clovis Unified School District, Los Angeles Department of Water and Power ("DWP"), and Modesto City Schools.
District employees were alerted in an e-mail about 3:30 p.m. Tuesday
[Evan] Quick notification. This was a good decision on the part of district management
The stolen computer contained Clovis Unified employee names, addresses and salaries, as well as Social Security numbers. It did not contain birth dates or other personal information.
Systematic Automation handles the online benefits enrollment for Clovis Unified employees and publishes information on what benefits each employee receives
[Evan] Might need to change "handles" to "handled". I wonder how this single breach affects Systematic Automation's business viability.
The police believe the computers contained tens of thousands of pieces of information.
Commentary:
What is there to say that hasn't already been said in the two previous postings? Did any of the 15 organizations audit Systematic Automation's information security practices?
March 12, 2008 - UPDATE: A computer stolen from Systematic Automation is found
Past Breaches:
Clovis Unified School District:
Unknown
Systematic Automation:
February, 2008 - L.A. Dept. of Water of Power employees exposed
February, 2008 - Theft from vendor affects Modesto City Schools employees
Date Reported:2/16/08
Organization:
Clovis Unified School District
Contractor/Consultant/Branch:
*
*This breach is related to:
"Theft from vendor affects Modesto City Schools employees" dated 2/12/08, and
"L.A. Dept. of Water of Power employees exposed" dated 2/19/08
Victims:
Employees
Number Affected:
~4,000**
**Over 15,000 total (and counting)
Types of Data:
Names, addresses and Social Security numbers
Breach Description:
Computer equipment was stolen from a Clovis Unified School District vendor, Systematic Automation that contained sensitive personal information belonging to employees of the district. Systematic Automation manages employee benefit information, and the district is the third reported organization affected by the loss.
Reference URL:
CBS Channel 47 News online story
The Fresno Bee online story
Report Credit:
CBS Channel 47 News
Response:
From the online sources cited above:
Clovis Unified School District employees were notified that a computer stolen this week from a Fullerton company contained personal information -- including Social Security numbers -- for about 4,000 district employees.
police do not believe the intent of the burglary was to steal identity information
[Evan] I don't know how you would determine intent based on the limited information available. At some point in time thieves are going to figure out that there is a heckuva lot more to gain by using the stolen information than there is in the pawning off the hardware.
Fullerton police say the computers are password protected but that doesn't mean the code can't be cracked
[Evan] This is very true. Most Windows passwords can be bypassed in less than five minutes.
the district has recommended that employees establish fraud alerts on their credit files
The district also held two fraud-prevention seminars for employees Wednesday, with seven more planned during the next week.
Employee information for Clovis Unified and 15 other organizations was jeopardized when Systematic Automation of Fullerton was burglarized about 4:30 a.m. Monday.
[Evan] Wow. 15 organizations and their employees are at risk due to one breach. We know of at least three; Clovis Unified School District, Los Angeles Department of Water and Power ("DWP"), and Modesto City Schools.
District employees were alerted in an e-mail about 3:30 p.m. Tuesday
[Evan] Quick notification. This was a good decision on the part of district management
The stolen computer contained Clovis Unified employee names, addresses and salaries, as well as Social Security numbers. It did not contain birth dates or other personal information.
Systematic Automation handles the online benefits enrollment for Clovis Unified employees and publishes information on what benefits each employee receives
[Evan] Might need to change "handles" to "handled". I wonder how this single breach affects Systematic Automation's business viability.
The police believe the computers contained tens of thousands of pieces of information.
Commentary:
What is there to say that hasn't already been said in the two previous postings? Did any of the 15 organizations audit Systematic Automation's information security practices?
March 12, 2008 - UPDATE: A computer stolen from Systematic Automation is found
Past Breaches:
Clovis Unified School District:
Unknown
Systematic Automation:
February, 2008 - L.A. Dept. of Water of Power employees exposed
February, 2008 - Theft from vendor affects Modesto City Schools employees
Posted by Evan Francen at 2/21/2008 1:47 AM 
Categories: Systematic Automation Inc, Stolen Device, Clovis Unified School District
Categories: Systematic Automation Inc, Stolen Device, Clovis Unified School District
Posts Atom 1.0
Have received notice of security breach because of stolen computer regarding information for Torrance Unified School District.
Reply to this
Why does this keep happening? Can't the computers and the data on them be secured? Our University has a lot of employee and student data kept in very well protected computers. We wouldn't forgive ourselves if the data was distributed or stolen.
Reply to this