Police inform Fort Wayne Community Schools of breach
Technorati Tag: Security Breach
Date Reported:
9/24/08
Organization:
Fort Wayne Community Schools
Contractor/Consultant/Branch:
None
Location:
Fort Wayne, Indiana
Victims:
Current and former employees
Number Affected:
"at least 3,300"
Types of Data:
"names, Social Security numbers, dates of birth and other information"
Breach Description:
"The personal information of thousands of current and former Fort Wayne Community Schools employees was found on a man arrested on forgery and counterfeiting charges"
Reference URL:
The Journal Gazette
Associated Press via Chicago Tribune
WANE News Channel 15
Report Credit:
Kelly Soderlund, The Journal Gazette
Response:
From the online sources cited above:
The personal information of thousands of current and former Fort Wayne Community Schools employees was found on a man arrested on forgery and counterfeiting charges, school officials and police said Wednesday.
Steven Brown, arrested Sept. 17 by Fort Wayne police, was found with a life insurance document that included the names, Social Security numbers, dates of birth and other information of every FWCS employee who received those benefits in 2004
[Evan] This is a treasure trove of identity information. The fact that Mr. Brown is already an alleged criminal makes me nervous about his intentions for using the information.
(Source: WANE News Channel 15)
police obtained a search warrant for 50-year-old Steven Brown of Fort Wayne
"We came across these papers, which totaled some 93 sheets. On each sheet were 36 names. And it was clear that these names corresponded to Fort Wayne Community Schools,"
93x36: that's at least 3,300 employees whose vital information was compromised
Brown was in the Allen County Jail Thursday
The document was a quarterly report sent from The Terrell Co., the term life insurance broker, to North American Benefits Co. detailing participants in the FWCS program.
[Evan] Did the "quarterly report" require the inclusion of Social Security numbers?
Current FWCS employees were notified of the breach via e-mail Wednesday afternoon.
Officials are working to find the addresses of any retired or former employees who worked in the district in 2004 to send them letters of notification
FWCS officials were notified by police late Tuesday
Police do not believe the information was used to steal anyone's identity, but school officials are encouraging employees who have had their identity stolen in the last four years to notify police to see whether there is a connection
[Evan] I heard somewhere that people have to identify how their identity was stolen in order to recover it. Is this true?
"We do want people to be aware this is something that could happen anywhere, anytime," Stockman said (FWCS spokeswoman Krista Stockman)
"This isn't something that happened because of something that Fort Wayne Community Schools did. We did not lose the information. It was not a breach on our part. We simply found out there was a breach and wanted to make sure people were aware." (Stockman)
[Evan] I agree that FWCS was not directly responsible for this breach, but I do believe that they have some responsibility. They do too; otherwise they would not be reaching out with notification efforts. Organizations need to understand that information security responsibility does not end when information is shared with business partners (in this case the insurance company).
"There may be reason to believe that there was some identity theft in relation to this," Stockman said.
Commentary:
Nobody seems to be sure how Steven Brown came into the possession of the sensitive documents referenced in this incident. Mr. Brown was being investigated as being a member of a "counterfeit, check-forging type of operation," according to the Fort Worth Police Department. The police executed a search warrant for Mr. Brown's residence and discovered the sensitive documents. I don't think Mr. Brown worked for FWCS, and the insurance agent Phil Terrell states "I don't know anything about this person, he never worked for me. I was first made aware of it when the school contacted me yesterday".
So the question of the day about this breach is; how did Mr. Brown get the sensitive personal information?
Past Breaches:
Unknown
Date Reported:9/24/08
Organization:
Fort Wayne Community Schools
Contractor/Consultant/Branch:
None
Location:
Fort Wayne, Indiana
Victims:
Current and former employees
Number Affected:
"at least 3,300"
Types of Data:
"names, Social Security numbers, dates of birth and other information"
Breach Description:
"The personal information of thousands of current and former Fort Wayne Community Schools employees was found on a man arrested on forgery and counterfeiting charges"
Reference URL:
The Journal Gazette
Associated Press via Chicago Tribune
WANE News Channel 15
Report Credit:
Kelly Soderlund, The Journal Gazette
Response:
From the online sources cited above:
The personal information of thousands of current and former Fort Wayne Community Schools employees was found on a man arrested on forgery and counterfeiting charges, school officials and police said Wednesday.
Steven Brown, arrested Sept. 17 by Fort Wayne police, was found with a life insurance document that included the names, Social Security numbers, dates of birth and other information of every FWCS employee who received those benefits in 2004
[Evan] This is a treasure trove of identity information. The fact that Mr. Brown is already an alleged criminal makes me nervous about his intentions for using the information.
(Source: WANE News Channel 15)
police obtained a search warrant for 50-year-old Steven Brown of Fort Wayne
"We came across these papers, which totaled some 93 sheets. On each sheet were 36 names. And it was clear that these names corresponded to Fort Wayne Community Schools,"
93x36: that's at least 3,300 employees whose vital information was compromised
Brown was in the Allen County Jail Thursday
The document was a quarterly report sent from The Terrell Co., the term life insurance broker, to North American Benefits Co. detailing participants in the FWCS program.
[Evan] Did the "quarterly report" require the inclusion of Social Security numbers?
Current FWCS employees were notified of the breach via e-mail Wednesday afternoon.
Officials are working to find the addresses of any retired or former employees who worked in the district in 2004 to send them letters of notification
FWCS officials were notified by police late Tuesday
Police do not believe the information was used to steal anyone's identity, but school officials are encouraging employees who have had their identity stolen in the last four years to notify police to see whether there is a connection
[Evan] I heard somewhere that people have to identify how their identity was stolen in order to recover it. Is this true?
"We do want people to be aware this is something that could happen anywhere, anytime," Stockman said (FWCS spokeswoman Krista Stockman)
"This isn't something that happened because of something that Fort Wayne Community Schools did. We did not lose the information. It was not a breach on our part. We simply found out there was a breach and wanted to make sure people were aware." (Stockman)
[Evan] I agree that FWCS was not directly responsible for this breach, but I do believe that they have some responsibility. They do too; otherwise they would not be reaching out with notification efforts. Organizations need to understand that information security responsibility does not end when information is shared with business partners (in this case the insurance company).
"There may be reason to believe that there was some identity theft in relation to this," Stockman said.
Commentary:
Nobody seems to be sure how Steven Brown came into the possession of the sensitive documents referenced in this incident. Mr. Brown was being investigated as being a member of a "counterfeit, check-forging type of operation," according to the Fort Worth Police Department. The police executed a search warrant for Mr. Brown's residence and discovered the sensitive documents. I don't think Mr. Brown worked for FWCS, and the insurance agent Phil Terrell states "I don't know anything about this person, he never worked for me. I was first made aware of it when the school contacted me yesterday".
So the question of the day about this breach is; how did Mr. Brown get the sensitive personal information?
Past Breaches:
Unknown
Posts Atom 1.0
I believe you get your identity back from the same place that you retrieve your reputation when you are not found innocent at a criminal trial. It's very convenient; if your identity is stolen and you are accused of committing a crime which was committed by the identity thief, but found innocent because your identity was stolen, you can retrieve your identity and your reputation all from one place and at the same time!
Reply to this