Spring ISD mobile devices stolen along with personal student information
Date Reported:
5/16/08
Organization:
Spring Independent School District ("Spring ISD")
Contractor/Consultant/Branch:
None
Victims:
Students
Number Affected:
~8,000
Types of Data:
"personal information, including name, social security number or state-assigned identification number, gender, name of school, grade and birthday"
Breach Description:
"Spring ISD has been informing the parents of about 8,000 students of an incident that occurred in the evening on Wednesday, May 14 that involves the students’ personal information. The Spring ISD testing coordinator’s car was broken into while she was making a stop at a business on her way home from work that evening and a Spring ISD laptop computer and an external flash drive were stolen."
Reference URL:
Spring ISD News
Houston Chronicle
ABC Channel 13 News
Report Credit:
Spring ISD
Response:
From the online sources cited above:
Spring ISD has been informing the parents of about 8,000 students of an incident that occurred in the evening on Wednesday, May 14 that involves the students’ personal information.
The Spring ISD testing coordinator’s car was broken into while she was making a stop at a business on her way home from work that evening and a Spring ISD laptop computer and an external flash drive were stolen.
[Evan] The fact that the district allows personal student information to be stored on mobile devices is very troubling. There is no mention of encryption, so I will assume that there was none. This is very careless.
The coordinator's computer bag was stolen from her vehicle between 5:30 and 7 p.m. Wednesday when she stopped to run an errand near Mason Road and Beltway 8, on her way home from work.
The coordinator had the laptop, Curry said, because the job responsibilities often require her to work nights and weekends.
[Evan] Fine. This is the reason why many organizations use laptops. The problem is the lack of control and security. If an organization decides to employ laptops, then the organization MUST ensure that they are adequately protected.
The flash drive contains the Texas Assessment of Knowledge and Skills (TAKS) results of third and fifth graders who have taken the first round of reading and math tests, eighth graders who have taken the first round of math tests and 11th and 12th graders who have taken the exit level retest.
In addition, the drive contains the students’ personal information, including name, social security number or state-assigned identification number, gender, name of school, grade and birthday.
[Evan] Why in the *&^$ does a testing coordinator have Social Security numbers on a laptop and/or flash drive?! A Social Security number should have no correlation to testing scores.
This also applies to students who are in those testing groups but were absent when the testing took place.
Personal phone calls were made to the parents of these students on Thursday, letters were sent home with students and the letters are being mailed to homes also in an effort to help parents quickly take steps to protect their children from identity theft.
"The district immediately contacted federal agencies to make them aware of the theft, and we are checking to see whether there is anything else we can do on behalf of the individual students. In the meantime, we urge parents to use the information we have provided," said Regina Curry, assistant superintendent for communications and community relations.
The theft is being investigated by the Harris County Sheriff’s Department and every effort is being made to recover the equipment.
The district has reported the incident to the Texas Education Agency Test Security Task Force and will comply with whatever action they require.
"This incident is highly regrettable and the district is looking at potential security precautions to protect the students’ personal information in the future," Curry said.
[Evan] I'm sure that the district regrets the incident, but careless acts have consequences and this should have been known beforehand.
Anyone with information about the theft is urged to call the Harris County Sheriff's Office Burglary and Theft Division at or the Spring ISD Police Department at .
Commentary:
I try to be politically correct in many of my comments although sometimes I push the boundaries. I can't think of a word right now that adequately expresses my thoughts. Where was common sense? It could be argued that many breaches we read about entail a certain amount of dumbness, but this one definitely strikes a chord.
Who in their right mind would allow highly-confidential personal information to be carried around on mobile devices? Without encryption? When it isn't necessary? It puzzles me.
I feel like I should say more, but my high blood pressure has gone high enough for the day. I should rest.
Past Breaches:
Unknown
