Arizona data breach impacts millions, costs millions more

Share this article:

A Maricopa County Community College District (MCCCD) data breach that affected millions of individuals has ended up costing the education system millions of dollars more.

The Arizona school district – which has about 265,000 students enrolled in courses annually in 10 community colleges – is notifying nearly 2.5 million students, former students, employees and vendors that hackers may have compromised their personal information in a data breach.

“The distinction I need to make is that we don't know if anyone ever came in and either looked at this data or took it for whatever purposes,” Tom Gariepy, an MCCCD spokesman, told SCMagazine.com on Monday. “What we do know is that the data was vulnerable to that, but there is no evidence that anyone ever did it.”

The sensitive data includes a mixed bag of names, dates of birth, driver's license numbers, student information, Social Security numbers and banking information.

The district was alerted of the attack on April 29 when the Federal Bureau of Investigation (FBI) notified school officials that sensitive information from the district's computer networks was being offered for sale online.

A weak computer defense infrastructure is how attackers may have been able to get into the district computers and steal the sensitive information, according to Gariepy, who explained that certain district employees with IT responsibilities failed to meet standards and expectations and that appropriate disciplinary actions are being taken as a result.

Up to $7 million was approved on Tuesday by the district's governing board to be spent on notifying affected individuals, maintaining a call center and offering a free year of credit monitoring and identity theft protection services, according to Gariepy, who indicated that there have been no reports so far of the information being used inappropriately.

Firewalls, real-time state of the art monitoring and additional security measures will be implemented on top of the $7 million, Gariepy added, explaining the district is carrying out a comprehensive review of all policies and procedures.

“One reason it took as long as it did is because there are multiple systems and servers and there's millions of accounts,” Gariepy said, adding the investigation is ongoing. “It took a long time to review. Obviously there's a great deal of information we still can't talk about. ”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.