Today Monsters and Critics reported, “Indianapolis Public Schools exposes thousands to risk of identity theft.”
Apparently the Indianapolis Public Schools (IPS) website “that allows teachers to post reviews, student-writing samples, grades, and other confidential material to the IPS network” was implemented and configured without much attention to security.
“‚ÄúOn May 16 IPS was approached by the Indianapolis Star and told that it is possible to access confidential information kept in IPS Online, including Social Security numbers, by using the Google search engine. The content at risk was uploaded to the My Content and My Files areas,‚Äù said the school system in a press release. After the reporter from the Star News informed IPS of the exposure, the school system moved to correct the issue and fix the leak.”
Google still had copies of many of the PII records in its cache.
Yes, once information is available on the Internet it will pretty much live on infinitely with all the search engine caching and mirrored sites that exist, much to the delight of the criminals, fraudsters and ne’er-do-wells that enjoy using it for their own vices and money-making activities.
“Many of the exposed teachers and parents of the students expressed privacy concerns. The information currently cached gives way to the possible situation that it was downloaded before the reporter located the flaw. This places students at risk for identity theft and could make them vulnerable to various types of predators. There is also the chance that the district could face a state or federal inquiry if parents file complaints. IPS could also face lawsuits if any of the information was misused. That would cause more financial havoc on the already poorly funded public school system.”
This points out some of the many negative impacts to organizations for a privacy breach.
One more example to add to your files for why it is a necessity to building information security and privacy into every application and system, from project envisioning and at every step through to retirement.
I’ve talked about this many times before, and cover this in a 2-day seminar which I will be giving next in June, but it is worth repeating. In fact, I think I will again…
It is a necessity to build information security and privacy into every application and system, from project envisioning and at every step along the way through to retirement.
Tags: awareness and training, corporate governance, Information Security, IT compliance, policies and procedures, privacy, privacy breach, privacy incident, SDLC