<![CDATA[[SecurityRatty] tag: dickson]]>

<![CDATA[[SecurityRatty] tag: dickson]]> http://securityratty.com/tag/dickson Mon, 03 Dec 2007 12:51:00 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Dickson County School District employee information stolen]]> http://securityratty.com/article/c547b25ca5d443005c23b781eb42d2ae http://securityratty.com/article/c547b25ca5d443005c23b781eb42d2ae Security Breach

Date Reported:
6/11/08

Organization:
Dickson County School District

Contractor/Consultant/Branch:
None

Victims:
"employees who worked for Dickson County schools in the 2006-2007 school year"

Number Affected:
850

Types of Data:
Payroll information including names, addresses and Social Security numbers

Breach Description:
"DICKSON, Tenn. -- A laptop computer containing personal employee information disappeared over the weekend from the office of Dickson County's top school official."

Reference URL:
WSMV Channel 4 News
WZTV Channel 17 News
The Tennessean

Report Credit:
Chris Tatum, WSMV Channel 4 News

Response:
From the online sources cited above:

A laptop computer containing the Social Security numbers and payroll information of all the employees of the Dickson County school system has been stolen, and authorities are warning school officials to watch their bank accounts.
[Evan] Is a physically and technically unsecure mobile device a good place to store confidential information? You probably know the answer to this already.

The computer belongs to the new director of schools and was loaded with the name and Social Security number of every school employee from the 2006-2007 school year, a total of 850.

"It's all public record except for the Social Security numbers," Johnny Chandler
[Evan] Well yeah, except for the Social Security numbers! What the &@*#?

"It came up missing over the weekend, sometime between Friday until Monday," said Dickson County school superintendent Johnny Chandler.

Chandler became the district's school superintendent last week and said that the laptop was on this desk when the office closed Friday evening.
[Evan] I couldn't find any mention of whether or not the office itself was locked or secured. I presume that it was not. This is not a very good start to Mr. Chandler's tenure.

Police have launched an investigation, but found no signs of a break-in and haven't ruled out someone within the building being the cause of the theft.

Employees at the Board of Education and police investigators believe the person who stole the laptop walked right through the door without forced entry.

Chandler admits that a cleaning crew, several staff and students for a retirement party came into the building over the weekend.

He has warned all school employees to keep a close eye on their credit reports.

We sent letters to everyone that was on that database in '06 and '07

Chandler assures school employees that he'll make sure this never happens again.
[Evan] How?

"All of our laptop computers will not be allowed to have any personal information concerning any employee or student," said Chandler.
[Evan] This is one good step. Will this be in policy? Will employees be trained and made periodically aware of this mandate? How will this be enforced? Will this mandate include other mobile devices and media such as CDs, thumb drives, etc.?

He said the laptop is double password protected.
[Evan] Sounds impressive, doesn't it.

"It has a double password so it would take a computer genius to get into it."
[Evan] I am certainly no genius, but I am pretty sure I could get into it!

Chandler said he plans to upgrade the security system at the school board building.

In the meantime, workers will lock up any equipment that contains sensitive information when they're not using it.

Dickson police said they are notifying local pawn shops to be on the lookout for the stolen laptop.

Director Vivian McCord says, "I really wish they would return it."

"The office it was taken from was next to the computer office and there were multiple computers next door in that room. So I really feel like it was just a quick little taking of a computer."

Anyone with information should call the Dickson Police Department at (615) 441-9592

Commentary:
We see these kinds of breaches all the time, but why? It is frustrating.

Too many people collect and store personal information and are oblivious to the risks. A laptop computer + confidential information + unlocked office - encryption = unacceptable risk for most prudent people. A simplistic point, but you get it.

Past Breaches:
Unknown

]]> Thu, 12 Jun 2008 07:52:47 +0000 information school store personal information personal information dickson county dickson police police store confidential information school board Dickson County School District employee information stolen <![CDATA[A downside to being a Billionaire]]> http://securityratty.com/article/d4b02ee119f372cc4722b1e0f50eb642 http://securityratty.com/article/d4b02ee119f372cc4722b1e0f50eb642

I guess the grass isn't always greener on the other side. Even if the other side is you having a couple billion dollars. I dug into the archives for this post by Ed Dickson, which described how NYC Mayor Bloomberg was victimized twice, almost simultaneously, by thieves trying to get at his multi-billion dollar wallet.

Check out Ed's post for the details, but let's take a quick look at what we can learn from these attacks. The first was a pretty standard check counterfeiting attack. Not much you can do about that. If someone gets a copy of your check, with the routing number and account number, then they can produce a likeness that could be accepted by any number of merchants out there.

The banks invest a lot in anti-counterfeiting marks on the checks, but in the end it's up to the merchant and your bank as to whether they will accept the fake. Most of the time they won't, but other times they may. That's why it's so important for you to keep on top of your finances and check your balances daily. Then you'll know if unauthorized charges are showing up. This is discussed in detail in Step 6 of Security Mike's Guide to Internet Security.

The second attack involved the criminal logging into Mr. Mayor's bank account and transferring money to a 3rd party financial institution. How did someone get his login and password? Who knows? It could have been anything. This is another example where staying on top of your account balances would have shown a weird transfer and you could have investigated it.

I'm sure Bloomberg has people to look into this. That's how they found the issues and with a high profile victim like the Mayor, the banks and law enforcement will work hard to bring the perpetrators to justice. It makes for good PR. I'm sure the bank also returned the money right where they found it, and no one but the criminals are any worse for wear.

So I guess the grass is greener after all for the Billionaires out there. If it's not, you certainly can afford a lot of spray paint, sod or whatever else you want to use to make your grass seem greener.

]]> Mon, 03 Dec 2007 12:51:00 +0000 account bank account pretty standard check check nyc mayor bloomberg bloomberg mayor bank greener A downside to being a Billionaire