Maricopa County Community College District

After 7 months Maricopa Colleges informs 2.4 million students of data breach

November 27th, 2013

It took The Maricopa County Community College District seven months to notify 2.4 million current and former students and employees that their academic or personal data were compromised in a security breach.

The district’s governing board has already approved several million dollars for repairs, and agreed to spend up to $7 million more to notify everyone who is potentially affected, said spokesman Tom Gariepy.

Gariepy said that letters will be sent to current and former students, employees and vendors of the district’s 10 colleges going back at least several years to alert them that their information could have been seen.

Among the vulnerable data were employees’ Social Security numbers, driver’s-license numbers and bank-account information, he said. Students’ academic information also may have been exposed, but not their personal information. However there is no evidence that any information actually was looked at or stolen.

Gariepy also told that the FBI notified the district that it found a website advertising personal data from the district’s information-technology system for sale. The district’s website was taken down that day and stayed down for several days before being restored in stages.

Gariepy said the district didn’t release information about the event at the time because it was investigating the extent of the exposure.

“There was a tremendous amount of data, and the forensics investigation around this was very complex. They had to look at a number of different systems and servers and databases. It would have been nice to say something earlier, but we couldn’t give anyone information until we could say it with certainty, even if it’s not conclusive” Gariepy said.

At the same time, the district was repairing its information-technology system and didn’t want to publicize that it could be vulnerable. The district has installed more firewalls and security procedures. He also said some employees in the information-technology department face disciplinary action.

“We started immediate steps to make the system secure, and it’s become progressively more secure as time has gone on,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta