Dickson County School District employee information stolen
Technorati Tag: Security Breach
Date Reported:
6/11/08
Organization:
Dickson County School District
Contractor/Consultant/Branch:
None
Victims:
"employees who worked for Dickson County schools in the 2006-2007 school year"
Number Affected:
850
Types of Data:
Payroll information including names, addresses and Social Security numbers
Breach Description:
"DICKSON, Tenn. -- A laptop computer containing personal employee information disappeared over the weekend from the office of Dickson County's top school official."
Reference URL:
WSMV Channel 4 News
WZTV Channel 17 News
The Tennessean
Report Credit:
Chris Tatum, WSMV Channel 4 News
Response:
From the online sources cited above:
A laptop computer containing the Social Security numbers and payroll information of all the employees of the Dickson County school system has been stolen, and authorities are warning school officials to watch their bank accounts.
[Evan] Is a physically and technically unsecure mobile device a good place to store confidential information? You probably know the answer to this already.
The computer belongs to the new director of schools and was loaded with the name and Social Security number of every school employee from the 2006-2007 school year, a total of 850.
"It's all public record except for the Social Security numbers," Johnny Chandler
[Evan] Well yeah, except for the Social Security numbers! What the &@*#?
"It came up missing over the weekend, sometime between Friday until Monday," said Dickson County school superintendent Johnny Chandler.
Chandler became the district's school superintendent last week and said that the laptop was on this desk when the office closed Friday evening.
[Evan] I couldn't find any mention of whether or not the office itself was locked or secured. I presume that it was not. This is not a very good start to Mr. Chandler's tenure.
Police have launched an investigation, but found no signs of a break-in and haven't ruled out someone within the building being the cause of the theft.
Employees at the Board of Education and police investigators believe the person who stole the laptop walked right through the door without forced entry.
Chandler admits that a cleaning crew, several staff and students for a retirement party came into the building over the weekend.
He has warned all school employees to keep a close eye on their credit reports.
We sent letters to everyone that was on that database in '06 and '07
Chandler assures school employees that he'll make sure this never happens again.
[Evan] How?
"All of our laptop computers will not be allowed to have any personal information concerning any employee or student," said Chandler.
[Evan] This is one good step. Will this be in policy? Will employees be trained and made periodically aware of this mandate? How will this be enforced? Will this mandate include other mobile devices and media such as CDs, thumb drives, etc.?
He said the laptop is double password protected.
[Evan] Sounds impressive, doesn't it.
"It has a double password so it would take a computer genius to get into it."
[Evan] I am certainly no genius, but I am pretty sure I could get into it!
Chandler said he plans to upgrade the security system at the school board building.
In the meantime, workers will lock up any equipment that contains sensitive information when they're not using it.
Dickson police said they are notifying local pawn shops to be on the lookout for the stolen laptop.
Director Vivian McCord says, "I really wish they would return it."
"The office it was taken from was next to the computer office and there were multiple computers next door in that room. So I really feel like it was just a quick little taking of a computer."
Anyone with information should call the Dickson Police Department at
Commentary:
We see these kinds of breaches all the time, but why? It is frustrating.
Too many people collect and store personal information and are oblivious to the risks. A laptop computer + confidential information + unlocked office - encryption = unacceptable risk for most prudent people. A simplistic point, but you get it.
Past Breaches:
Unknown
Date Reported:6/11/08
Organization:
Dickson County School District
Contractor/Consultant/Branch:
None
Victims:
"employees who worked for Dickson County schools in the 2006-2007 school year"
Number Affected:
850
Types of Data:
Payroll information including names, addresses and Social Security numbers
Breach Description:
"DICKSON, Tenn. -- A laptop computer containing personal employee information disappeared over the weekend from the office of Dickson County's top school official."
Reference URL:
WSMV Channel 4 News
WZTV Channel 17 News
The Tennessean
Report Credit:
Chris Tatum, WSMV Channel 4 News
Response:
From the online sources cited above:
A laptop computer containing the Social Security numbers and payroll information of all the employees of the Dickson County school system has been stolen, and authorities are warning school officials to watch their bank accounts.
[Evan] Is a physically and technically unsecure mobile device a good place to store confidential information? You probably know the answer to this already.
The computer belongs to the new director of schools and was loaded with the name and Social Security number of every school employee from the 2006-2007 school year, a total of 850.
"It's all public record except for the Social Security numbers," Johnny Chandler
[Evan] Well yeah, except for the Social Security numbers! What the &@*#?
"It came up missing over the weekend, sometime between Friday until Monday," said Dickson County school superintendent Johnny Chandler.
Chandler became the district's school superintendent last week and said that the laptop was on this desk when the office closed Friday evening.
[Evan] I couldn't find any mention of whether or not the office itself was locked or secured. I presume that it was not. This is not a very good start to Mr. Chandler's tenure.
Police have launched an investigation, but found no signs of a break-in and haven't ruled out someone within the building being the cause of the theft.
Employees at the Board of Education and police investigators believe the person who stole the laptop walked right through the door without forced entry.
Chandler admits that a cleaning crew, several staff and students for a retirement party came into the building over the weekend.
He has warned all school employees to keep a close eye on their credit reports.
We sent letters to everyone that was on that database in '06 and '07
Chandler assures school employees that he'll make sure this never happens again.
[Evan] How?
"All of our laptop computers will not be allowed to have any personal information concerning any employee or student," said Chandler.
[Evan] This is one good step. Will this be in policy? Will employees be trained and made periodically aware of this mandate? How will this be enforced? Will this mandate include other mobile devices and media such as CDs, thumb drives, etc.?
He said the laptop is double password protected.
[Evan] Sounds impressive, doesn't it.
"It has a double password so it would take a computer genius to get into it."
[Evan] I am certainly no genius, but I am pretty sure I could get into it!
Chandler said he plans to upgrade the security system at the school board building.
In the meantime, workers will lock up any equipment that contains sensitive information when they're not using it.
Dickson police said they are notifying local pawn shops to be on the lookout for the stolen laptop.
Director Vivian McCord says, "I really wish they would return it."
"The office it was taken from was next to the computer office and there were multiple computers next door in that room. So I really feel like it was just a quick little taking of a computer."
Anyone with information should call the Dickson Police Department at
Commentary:
We see these kinds of breaches all the time, but why? It is frustrating.
Too many people collect and store personal information and are oblivious to the risks. A laptop computer + confidential information + unlocked office - encryption = unacceptable risk for most prudent people. A simplistic point, but you get it.
Past Breaches:
Unknown
Posted by Evan Francen at 6/12/2008 11:43 AM 
Categories: Dickson County School District, Stolen Laptop
Categories: Dickson County School District, Stolen Laptop
Posts Atom 1.0
Comments