Title 26 January 2011 Hackers broke into the computer system at a New Jersey school district and gained access to student records system used by 160 schools.
Jan 02, 2016
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Title
26 January 2011
Hackers broke into the computer system at a New Jersey school district and gained access to student records system used by 160 schools across the state.
The online hacker group 4chan was able to discover the password for the system and post it on its message board, enabling 4chan users to infiltrate the Genesis Student Information System used by the Plainfield, New Jersey, school district, according to a report by ComputerWorld. The Genesis system is used to manage student records and communicate with students and parents.
It is not clear whether any information was stolen, but the 4chan users posted screenshots showing how they were able to manipulate the school’s Genesis system. One screenshot showed lunch prices reset to $9000 per meal. Another post said that “every class is now elective, and requires only 1 credit to graduate”, according to the report.
Source: Infosecurity.com
Why PTAC?
• SALEM, Ore. -- The Oregon Department of Corrections revealed Wednesday that personal data on hundreds of its employees may have been found on a portable "thumb drive," including payroll information and Social Security numbers, but said all indications are that it was accidental and there's no indication any of the info was misused.
• The agency received word on Jan. 27 of the potential information security breach from a non-employee, member of the public. The breach involved a thumb drive that "allegedly contained personally identifiable information about DOC employees," the department said.
Source: ktvz.com
Why PTAC?
14 February 2011
Just days before Valentine’s Day, the online dating service eHarmony said its dating advice site was hacked, exposing names, emails, and passwords of the site’s users.
Source: Infosecurity.com
Why PTAC
February 17th, 2011 – Charleston, WV
A recent data breach at a research subsidiary of an area medical center prompted the state’s attorney general to shut down a compromised website and take steps to protect the nearly 4,000 patients.
The company has hired an outside risk management group to prevent future security problems..
5
Source: Modernhealthcare.com
Public Scrutiny
“Most states collected in excess of what is
needed..”
“We found that, given the detailed and sensitive
nature of the information collected, the
databases generally had weak privacy
protections.”
6
Source: law.fordham.edu
Shrinking budgets
Lack of resources for security?
Use the Privacy TA Center!!
7
Privacy TA Center Mission
The Privacy TA Center is designed to provide states with:
• A set of tools, resources, and other opportunities for states to receive assistance with privacy, security, and confidentiality of student-level longitudinal data systems.
• A means for states to share their best practices, documents, and other relevant resources in the areas of privacy, security, and confidentiality.
• A focal point for queries and responses to the privacy-related needs of State Education Agencies (SEAs), Local Education Agencies (LEAs), and Institutions of Higher Education (IHEs) in a confidential, safe environment.
• A set of resources to promote compliance with FERPA and other best practices for ensuring the confidentiality and security of personally identifiable information.
Privacy TA Team
ED Program Manager: Emily Anthony
Project Director: Baron Rodriguez
Subject Matter Experts:
Tom Szuba, Anthony Bargar, Mark Hall
Help Desk Support: Dan Boland
9
FERPA NEWS - NPRM
• Proposed amendments would strengthen enforcement provisions under FERPA to cover additional recipients of information and clarify how States can effectively develop and use data in Statewide longitudinal data systems (SLDS) authorized under the American Recovery and Reinvestment Act of 2009 (ARRA) while ensuring protection of individual privacy under FERPA.
• The contents of the NPRM will be made available to the public when it is published in the Federal Register.
FERPA NEWS - NPRM
• Submit comments in writing & by the due date, according to the method specified in the Federal Register
• Be specific (the more concrete your recommendations are, the more useful it is to inform the final rule) • “I don’t like this” isn’t an actionable comment
• YOUR COMMENTS ARE CRITICAL TO HELPING US MAKE THE FINAL FERPA CHANGES
PTAC Resources Available
12
EVENTS
Regional Meetings
• Northeast/West regional meeting – EIMAC, Washington, DC – April 18th.• Tentative Agenda
• Latest on FERPA/NPRM• Guest speakers: ED Chief Privacy Officer, and/or Melanie Muenzer• Cyber Security session • State Privacy & Security Roundtables• Best practice sessions from fellow states (ideas?)
• Midwest Regional: June/July – Chicago or Detroit
• Southern Regional: August/September – Atlanta
TYPES OF RESOURCES AVAILABLE from Privacy TA Center
• ED Experts• Chief Privacy Officer• Family Policy Compliance Office• NCES Experts • Office of General Council
Site Visits
• Voluntary!• Designed to assist states with their privacy
and security needs.• Not an audit of security or compliance.• Can provide independent, objective, third
party assistance in the areas of SLDS and Cyber Security.
• If interested, send request to [email protected]
Expert help (through Site Visits)
• Audit response assistance• Independent validation of
implementation recommendations as a result of security review.
• Security policy reviews• Governance assistance (multi-agency)• Facilitation of multi-agency
privacy/security discussions.
Website: http://nces.ed.gov/programs/ptac/
• Request assistance
• Upcoming events
• Subscribe to email list
• Recent relevant ED publications
• Privacy TA Center publications
• Best practice guidelines
• Frequently Asked Questions
• Latest FERPA news
• Other on-line recommended resources
Webinar Series
March: NCES Brief – Data Stewardship
April: NPRM Latest News
May: Threats to your data, what you should know
June: FERPA & Interagency data exchange
July/August: ???
Example of Templates/Tools (coming soon)
• Security Checklists• Sample Memorandums of Understanding
• Sample Acceptable Use Policies
19
Feedback Session
1. What kinds of resources would be helpful to you for the Privacy TA Center to provide?
2. What topics would be most useful for a regional meeting?
3. What briefings from ED would be especially helpful to you around privacy and confidentiality?
4. Other recommendations or questions?
20
Contact Info
Privacy TA Center
Website: http://nces.ed.gov/programs/ptac/
Email: [email protected]
Phone: 1-855-249-3072
Fax: 1-855-249-3073
21
Related Documents
