Arizona data breach impacts millions, costs millions more

Share this article:

A Maricopa County Community College District (MCCCD) data breach that affected millions of individuals has ended up costing the education system millions of dollars more.

The Arizona school district – which has about 265,000 students enrolled in courses annually in 10 community colleges – is notifying nearly 2.5 million students, former students, employees and vendors that hackers may have compromised their personal information in a data breach.

“The distinction I need to make is that we don't know if anyone ever came in and either looked at this data or took it for whatever purposes,” Tom Gariepy, an MCCCD spokesman, told SCMagazine.com on Monday. “What we do know is that the data was vulnerable to that, but there is no evidence that anyone ever did it.”

The sensitive data includes a mixed bag of names, dates of birth, driver's license numbers, student information, Social Security numbers and banking information.

The district was alerted of the attack on April 29 when the Federal Bureau of Investigation (FBI) notified school officials that sensitive information from the district's computer networks was being offered for sale online.

A weak computer defense infrastructure is how attackers may have been able to get into the district computers and steal the sensitive information, according to Gariepy, who explained that certain district employees with IT responsibilities failed to meet standards and expectations and that appropriate disciplinary actions are being taken as a result.

Up to $7 million was approved on Tuesday by the district's governing board to be spent on notifying affected individuals, maintaining a call center and offering a free year of credit monitoring and identity theft protection services, according to Gariepy, who indicated that there have been no reports so far of the information being used inappropriately.

Firewalls, real-time state of the art monitoring and additional security measures will be implemented on top of the $7 million, Gariepy added, explaining the district is carrying out a comprehensive review of all policies and procedures.

“One reason it took as long as it did is because there are multiple systems and servers and there's millions of accounts,” Gariepy said, adding the investigation is ongoing. “It took a long time to review. Obviously there's a great deal of information we still can't talk about. ”

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.