« Univeristy of California, San Francisco: Warning 46,000 people of possible identity theft risk after serious data breach in late March 2007 | Main | Luxury Data Breach: Neiman Marcus loses social security numbers, birth dates, and salaries for 160k employees »

April 10, 2007

40,000 Chicago Public Schools Educators' Social Security Numbers Exposed to ID Theft Risk

Two laptop computers were stolen last week from the Chicago Public Schools (CPS) headquarters. The two laptop computers belonged to the accounting firm of  McGladrey and Pullen and were being used by their subcontractors, who were analyzing information related to the Chicago Teacher Pension Fund contributions.

Unfortunately, the laptop computers contained the Social Security numbers of employees within the CPS who had contributed to the pension fund from the years 2003 to 2006. CPS is offering to pay for one year of credit monitoring for anyone affected by having their Social Security number placed at risk. The CPS offering of a $10,000 reward for information leading to the arrest of the suspect(s) who may have stolen the laptops is insufficient, considering the level of risk of identity theft faced by over 40,000 educators.

CPS never should have permitted laptop computers belonging to subcontractors to contain sensitive information. If there was a justifiable reason for allowing those laptops to contain and process financial information, then CPS should have mandated basic security controls on those laptops--including data encryption.  Just last week another educational system, the University of California, San Francisco, acknowledged a data breach in their computer systems which had placed 46,000 people at risk for identity theft.

Educational institutions by design are places with a culture of openness, exactly a culture opposed to restrictive information security management policies. However, educational institutions should apply the lessons learned by business organizations in order to better protect personal information belonging to their constituents. When will educational institutions become savvier about protecting our information?

As a security professional and executive, I can share with you there is enough technology to protect our information. The problem in security is not about the tools (i.e. technology) but about how effectively and wisely you use them.  Chicago Mayor Richard M. Daley should make sure this never happens again.

Until next time.


NBC5.com
http://www.nbc5.com/news/11592000/detail.html

Chicago Tribune
http://www.chicagotribune.com/news/local/chi-070409cps,1,1399066.story?coll=chi-news-hed

CBS 2 Chicago
http://cbs2chicago.com/topstories/local_story_099184939.html

Click Download TheCSOBoard-Podcast.mp3 for this blog post, and be sure to subscribe to our podcast feed link on this page.

Posted in Web/Tech |

Comments

Post a comment

Comments are moderated, and will not appear on this weblog until the author has approved them.