in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Disk Encryption: Texas Education Agency Thinks More Student IDs At Risk After Laredo

Late last March, news broke out on how nearly 25,000 Laredo District students had suffered a data breach when a CD was shipped out to the Texas Education Agency (TEA) via mail.  That wasn't the end of the situation: it turns out more districts had done the same in participation with a UT-Dallas research program.  Disk encryption wasn't used in any of the mailings.

Graduate in Top 10%, Have Data Breached

A January 14 memorandum obtained by texastribune.org confirms that the TEA Commissioner had been notified that:

"violations of agency data security operations" in the agency's handling of sensitive data from students who graduated in the top 10 percent of their classes between 1992 and 2010 at the following districts: Crowley, Harlingen, Round Rock, Killeen, Richardson, Irving, Mansfield, and Grand Prairie.

The violations that are being alluded to above refer to the mailing of unencrypted CDs with student information, as requested by UT-Dallas.  The information included dates of birth, SSNs, and ethnicities of 164,406 students (minimum).

That is not to say that over 150,000 IDs are at risk.  Rather, the mailing of such information via the mail -- if not protected with encryption software -- is a data breach, and as noted by the memo, an "avoidable risk."

Comment: I don't get it.  UT-Dallas asked for student SSNs.  All data from the different districts were sent to TEA, which in turn sends the data to UT-Dallas, but deidentified.    Hence, SSNs get deidentified.  So, UT-Dallas doesn't get SSNs but deidentified data.  Presumably, UT-Dallas knows this.  So, why are they asking for SSNs in the first place?

For more on the Laredo situation, following this link.

Not All Sheep.  Kudos

According to texastribune.org,

At least one of the eight districts, Grand Prairie, did not send in Social Security numbers as requested because its public information officer felt the risk of identity theft was too high. Instead, it identified students using their local PIEMs numbers.

Kudos to you, whoever you are.  What is a PIEM?  After much searching it looks like it might be a typo, and the actual initialism is PEIM, Public Education   Information Management System, which apparently uses a different set of IDs for keeping track of student information.

Undoubtedly, what the information officer sent TEA was a way of identifying students without also exposing them to the potential risk of becoming fraud victims if something goes wrong.  I'm surprised that UT-Dallas didn't ask for this information to begin with.


Related Articles and Sites:
http://www.texastribune.org/texas-education/public-education/more-student-ssns-were-at-risk-tea-says/

 
<Previous Next>

Data Security: Is France Really Requiring Passwords To Be Saved In Plaintext? Hashes Not Allowed?

Data Security: Epsilon Breach Commentary

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.