Το εκπαιδευτικό ίδρυμα Park Hill School District στο Κάνσας των Ηνωμένων Πολιτειών ανακοίνωσε ότι τα προσωπικά δεδομένα περισσότερων από 10.000 πρώην μαθητών και εργαζομένων βρίσκονται πιθανότατα σε κίνδυνο, καθώς διέρρευσαν στο διαδίκτυο.

Μεταξύ των δεδομένων αυτών περιλαμβάνονται αριθμοί κοινωνικής ασφάλισης, εγγραφές μαθητών, πληροφορίες προσωπικού και αξιολογήσεις εργαζομένων.

Τα ευαίσθητα δεδομένα κυκλοφόρησαν στο διαδίκτυο, εξαιτίας της απροσεξίας ενός πρώην υπαλλήλου, και εκτιμάται ότι ήταν προσβάσιμα από τον οποιονδήποτε, για αρκετούς μήνες.

Σύμφωνα με εκπροσώπους του εκπαιδευτικού ιδρύματος, ο πρώην εργαζόμενος έκανε download τα αρχεία σε ένα σκληρό δίσκο, χωρίς εξουσιοδότηση. Όταν ο υπάλληλος συνέδεσε την μονάδα δίσκου στον προσωπικό του υπολογιστή και αφού συνδέθηκε στο οικιακό του δίκτυο, τα δεδομένα διέρρευσαν κατά λάθος στο internet.

Το εκπαιδευτικό ίδρυμα δήλωσε πως συνεργάστηκε άμεσα με τον εργαζόμενο, το FBI αλλά και την Google, για να αποσύρουν τα αρχεία από το διαδίκτυο.

Μέχρι στιγμής δεν έχουν προκύψει στοιχεία που να αποδεικνύουν την υποκλοπή ή την κατάχρηση των προσωπικών δεδομένων, ωστόσο το ίδρυμα ενημέρωσε προληπτικά όλους τους επηρεαζόμενους, και τους παρείχε δωρεάν υπηρεσίες ελέγχου ταυτότητας, βοηθώντας τους να προστατευτούν από απάτες.





Park Hill data security breach affects more than 10,000 students and employees 

 

The Park Hill School District has notified more than 10,000 current and former district employees and students that a data security breach may have compromised their personal information.

The information included Social Security numbers, student records, personnel information and employee evaluations, the district said Tuesday.

The district has found no evidence of identity theft or misuse of the data, Superintendent Scott Springston said.

“The district apologizes for any inconvenience that this may have caused those affected,” he said. “We are doing everything that we can do to assist those that are affected.”

The breach occurred in January or February, the district said, when a worker without permission downloaded student and staff records from a work computer onto a hard drive. 

That information was accessible online after the worker, who left the district’s employment a short time later, connected the hard drive to a home network.

District officials did not learn about the breach until April 1, when a district resident notified them. The person had called up the information with a Google search. 

The district worked with the former employee as well as the FBI and Google and had access to those records removed on April 5.

The district chose not to release information about the breach in April because it first wanted to identify those directly affected, spokeswoman Nicole Kirby said.

Identity thieves can use Social Security numbers to open lines of credit and file fraudulent tax returns that allow them to receive refunds.

Springston said he did not know why the former employee downloaded the information or what the employee planned to do with it. However, he said, district officials don’t think the employee had any criminal intent. He said he could not identify the worker or say why he or she is no longer with the district.

Letters alerting the 10,210 people affected were sent out Monday and Tuesday, Springston said.

Once the breach was contained, the district hired digital forensics experts and reviewed 13,704 documents to identify those who were affected. It took several months to complete that effort, the district said.

Officials learned that the records of 6,900 students were compromised. The district has more than 10,000 students. The remaining records contained sensitive information of former and current district employees.

The district is working to update its policies that prohibit employees from taking or downloading personnel data and student records. Those who have access to that information are required to receive training.

In addition, the district is providing free identity monitoring services to those affected by the security breach.

“We are developing our policies to make sure that this type of data breach doesn’t happen again in the future,” Springston said.

http://www.kansascity.com/news/local/article690784.html

0 σχόλια:

Δημοσίευση σχολίου

top