Pocono Mountain School District "irregularities"
Technorati Tag: Security Breach
Date Reported:
5/30/08
Organization:
Pocono Mountain School District
Contractor/Consultant/Branch:
None
Victims:
Students and parents
Number Affected:
Unknown*
*"SCHOOL DISTRICT ENROLLMENT (2007-2008) 11,500 students K-12 (Current as of Oct. 17, 2007)"
Types of Data:
"Student ID, network password, SSN if provided, ethnicity, gender, birthdate, grade, grade year, building no., building name, homeroom no., homeroom teacher, attendance code (if absent today), dietary allergies (for food services), bus assignment, free/reduced lunch status, home phone, primary home mailing address, secondary mailing address, parent names, parent phone numbers, emergency contact names, and emergency contact phone numbers"
Breach Description:
"An apparent cyber break-in of Pocono Mountain School District's computer system has put at potential risk personal information about students and parents, the district announced Friday.
District Superintendent Dwight Pfennig sent home letters on Friday afternoon telling parents about the apparent breach, which the district found out about the previous evening, according to Wendy Frable, director of public information."
Reference URL:
Pocono Mountain School District "Letter to Parents"
Pocono Record
The Morning Call
Report Credit:
Pocono Mountain School District
Response:
From the online sources cited above:
A hacker apparently broke into the computers at Pocono Mountain School District and may have tapped into confidential information concerning students and their parents, the district's superintendent said Friday.
[Evan] This statement is provided by Joe McDonald of The Morning Call. It is unclear if a "hacker" breached the system or if there was another cause for the "irregularities" reported at the school.
District Superintendent Dwight Pfennig sent home letters on Friday afternoon telling parents about the apparent breach, which the district found out about the previous evening, according to Wendy Frable, director of public information.
[Evan] This is a quick notification. I think it is possible to be too quick in notifying victims, almost like The Boy Who Cried Wolf. It seems as though the school has not gathered the facts required to make a proper notification. Judge for yourself.
Frable said the district's technical staff had noted some irregularities during a routine security check Thursday night. "They detected some activity that seemed a little unusual," she said.
The technical staff is checking to see to what extent any personal information — and to whom it may belong — had been compromised.
The district referred the matter to Pennsylvania State Police at Swiftwater for further investigation, Frable said.
The information that may have been compromised includes the following: Student ID, network password, SSN if provided, ethnicity, gender, birthdate, grade, grade year, building no., building name, homeroom no., homeroom teacher, attendance code (if absent today), dietary allergies (for food services), bus assignment, free/reduced lunch status, home phone, primary home mailing address, secondary mailing address, parent names, parent phone numbers, emergency contact names, and emergency contact phone numbers.
"We don't know if anything was accessed," she said, adding that the district will contact anyone whose data had been found to be compromised. Frable also said that very few records include children's Social Security numbers.
[Evan] A breach involving children's personal information is especially bothersome.
We have conducted an internal investigation and suggest you take the following preventative measures now to help prevent and detect any misuse of your or your child’s information.
"As a first step to protect yourself from the possibility of identity theft, we recommend you closely monitor any accounts that may contain any or some of this information," Pfennig wrote in his letter to parents.
If you see any unauthorized activity, promptly contact your service provider and or office of the Executive Director of Technology at Ext. 10151.
"We're just trying to do what's right by everyone," Frable said. "There's no reason to panic anyone, but people should just be cautious."
[Evan] Understandable, but some people will panic anyway. This is why it’s a good idea to gather facts before notification.
Parents got the letters when their children returned at the end of the school day, and at least one parent felt the school was being rather nonchalant.
''It sounds to me like they're trying to downplay it,'' said Ralph Ortega, who lives in Jackson Township. ''It's incredibly vague.''
[Evan] I agree. I question whether this is because there aren't enough facts available yet, or whether the school is not being square with the victims.
Commentary:
This breach leaves us with more questions than answers. People will speculate where there is a lack of clarity. I hope students and parents get the answers to the questions that they should demand answers too.
Past Breaches:
Unknown
Date Reported:5/30/08
Organization:
Pocono Mountain School District
Contractor/Consultant/Branch:
None
Victims:
Students and parents
Number Affected:
Unknown*
*"SCHOOL DISTRICT ENROLLMENT (2007-2008) 11,500 students K-12 (Current as of Oct. 17, 2007)"
Types of Data:
"Student ID, network password, SSN if provided, ethnicity, gender, birthdate, grade, grade year, building no., building name, homeroom no., homeroom teacher, attendance code (if absent today), dietary allergies (for food services), bus assignment, free/reduced lunch status, home phone, primary home mailing address, secondary mailing address, parent names, parent phone numbers, emergency contact names, and emergency contact phone numbers"
Breach Description:
"An apparent cyber break-in of Pocono Mountain School District's computer system has put at potential risk personal information about students and parents, the district announced Friday.
District Superintendent Dwight Pfennig sent home letters on Friday afternoon telling parents about the apparent breach, which the district found out about the previous evening, according to Wendy Frable, director of public information."
Reference URL:
Pocono Mountain School District "Letter to Parents"
Pocono Record
The Morning Call
Report Credit:
Pocono Mountain School District
Response:
From the online sources cited above:
A hacker apparently broke into the computers at Pocono Mountain School District and may have tapped into confidential information concerning students and their parents, the district's superintendent said Friday.
[Evan] This statement is provided by Joe McDonald of The Morning Call. It is unclear if a "hacker" breached the system or if there was another cause for the "irregularities" reported at the school.
District Superintendent Dwight Pfennig sent home letters on Friday afternoon telling parents about the apparent breach, which the district found out about the previous evening, according to Wendy Frable, director of public information.
[Evan] This is a quick notification. I think it is possible to be too quick in notifying victims, almost like The Boy Who Cried Wolf. It seems as though the school has not gathered the facts required to make a proper notification. Judge for yourself.
Frable said the district's technical staff had noted some irregularities during a routine security check Thursday night. "They detected some activity that seemed a little unusual," she said.
The technical staff is checking to see to what extent any personal information — and to whom it may belong — had been compromised.
The district referred the matter to Pennsylvania State Police at Swiftwater for further investigation, Frable said.
The information that may have been compromised includes the following: Student ID, network password, SSN if provided, ethnicity, gender, birthdate, grade, grade year, building no., building name, homeroom no., homeroom teacher, attendance code (if absent today), dietary allergies (for food services), bus assignment, free/reduced lunch status, home phone, primary home mailing address, secondary mailing address, parent names, parent phone numbers, emergency contact names, and emergency contact phone numbers.
"We don't know if anything was accessed," she said, adding that the district will contact anyone whose data had been found to be compromised. Frable also said that very few records include children's Social Security numbers.
[Evan] A breach involving children's personal information is especially bothersome.
We have conducted an internal investigation and suggest you take the following preventative measures now to help prevent and detect any misuse of your or your child’s information.
"As a first step to protect yourself from the possibility of identity theft, we recommend you closely monitor any accounts that may contain any or some of this information," Pfennig wrote in his letter to parents.
If you see any unauthorized activity, promptly contact your service provider and or office of the Executive Director of Technology at Ext. 10151.
"We're just trying to do what's right by everyone," Frable said. "There's no reason to panic anyone, but people should just be cautious."
[Evan] Understandable, but some people will panic anyway. This is why it’s a good idea to gather facts before notification.
Parents got the letters when their children returned at the end of the school day, and at least one parent felt the school was being rather nonchalant.
''It sounds to me like they're trying to downplay it,'' said Ralph Ortega, who lives in Jackson Township. ''It's incredibly vague.''
[Evan] I agree. I question whether this is because there aren't enough facts available yet, or whether the school is not being square with the victims.
Commentary:
This breach leaves us with more questions than answers. People will speculate where there is a lack of clarity. I hope students and parents get the answers to the questions that they should demand answers too.
Past Breaches:
Unknown
Posts Atom 1.0
Comments