BreachExchange mailing list archives
Florida Department of Education Warns Teacher Preparation Participants of Error in Data Safety
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Mon, 24 Jun 2013 10:30:30 -0500
http://www.wctv.tv/news/floridanews/headlines/Florida-Department-of-Education-Warns-Teacher-Preparation-Participants-of-Error-in-Data-Safety--212633711.htmlTallahassee, Fla., June 21, 2013 – Personal information of teacher preparation program participants was exposed on the Internet during a transfer of data between servers housed at Florida State University, the entity performing work under contract with the Florida Department of Education. During the transfer in late May, FSU’s Florida Center for Interactive Media moved the data to a new server, but failed to enact security measures to restrict access to only authorized individuals. For a period of 14 days, personal information of about 47,000 preparation program participants was publically accessible. DOE was made aware of the failure to properly secure the data on June 11 and immediately worked with university officials to close the access, clear all cached data files, and run security checks to ensure the information was only accessible by authorized users. An initial investigation indicates the personal information may have been accessed 23 times via Google, which may have included unauthorized access. There is no indication the data has been used inappropriately. The university and the department are notifying through all possible means any individuals whose information may have been exposed. “This is unacceptable. All Floridians deserve our unceasing protection of their personal information and must have confidence that it will never be exposed for the potential of illegal use,” said Commissioner of Education Tony Bennett. “I have ordered a top to bottom review of the security of every database and our staff is expediting the transfer of all confidential information into servers directly monitored and secured by the department.” "The university takes the protection of personal information very seriously and took immediate action to remedy the situation,” said Liz Maryanski, FSU’s vice president for university relations. “We are working closely with the Department of Education to notify those affected and will continue to assist." In addition to contacting those that may have been affected, the department will have staff available Monday to assist anyone who may have been impacted. That number is 866-507-1109 and will be in operation Monday afternoon. The cost of ID protection will be provided for those affected. While the incident is being investigated, program participants who suspect their Social Security number or other personal information may have been misused or that they may be the victim of identity theft should contact the Federal Trade Commission at www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-888-438-4338). Affected persons may also call their local sheriff's office and file a police report of identity theft, keeping a copy of the police report. To protect themselves from the possibility of identity theft, individuals are encouraged to place a free fraud alert on their credit files. A fraud alert notifies creditors to contact individuals before opening new accounts in their name. Call any one of the three major credit reporting agencies at the numbers below to place a fraud alert and receive letters from the agencies with instructions on how to receive a free copy of their credit report. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Florida Department of Education Warns Teacher Preparation Participants of Error in Data Safety Erica Absetz (Jun 24)