NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> 2007-q2

[ISN] Computers containing employee info stolen from CPS building

From: InfoSec News (alertsinfosecnews.org)
Date: Mon Apr 09 2007 - 03:07:55 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://abclocal.go.com/wls/story?section=local&id=5190814

By Evelyn Holmes
April 7, 2007

A huge breach of security has put thousands of Chicago Public School
employees at risk. A thief stole two laptop computers containing private
information about 40,000 current and former employees. The heist was
caught on tape.

Investigators say its still unclear if the laptops were stolen for the
sensitive information they contained or as a crime of opportunity.
Either way, it has some questioning how the school district safeguards
valuable information.

"You feel betrayed," said CPS teacher Caryn Block.

Block is one of the thousands of CPS employees put at risk. The stolen
laptop computers contained sensitive personal information of both
teachers and administrators and were taken from the district's downtown
headquarters.

"The board needs better security. It's just no words for it," said Linda
Porter, treasurer of the Chicago Teachers Union.

Chicago Police have issued an alert after surveillance cameras captured
the possible thief walking out of the board's Clark St. offices. He
carried a backpack possibly containing the stolen computers.

School officials say the computers were taken from a 13th-floor
conference room, where two contractors had used them to review the
payment history to the Chicago Teachers Pension Fund.

"We have security," said Andres Durbak of CPS Bureau of Safety of
Security. "We should have prevented this from happening."

School officials say the computers contained only the names and social
security numbers of contributors to the Pension Fund between 2003 and
2006. It's a great concern to 22-year-veteran educator Kirkland
Robertson who is fighting to get his financial life back after recently
becoming a victim of identity theft after making a purchase online.

"The board should pay for the fraud identity alerts. They should pay for
everyone's information to be checked," Robertson said.

The theft comes nearly six months after different security breach last
November when the names and social security numbers of 1700 former CPS
workers were mistakenly included in a mass mailing.

"If you have someone from outside look at our information, they should
have a guard with them all the time," said Chicago Teachers Union
President Marilyn Stewart. "The person either went to lunch or the rest
room or took a nap."

Security expert Garnet Steen says the easiest way to safeguard sensitive
personal information is to limit access and amount of detail given.

"Sometimes I think (they say), 'I'll give you everything' because it's
easier than giving you what you really need," said Steen of RelyData.

As required by law, C.P.S. says it will notify all employees and those
at risk. The school district also says it is offering a $10,000 reward
leading to the arrest or recovery of the computers. It is also offering
a year of credit protection for those at risk.

__________________________
Subscribe to InfoSec News
http://www.infosecnews.org

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]