Massachusetts and Vermont students who receive reimbursements from Medicaid are the latest victims of a data breach – one which has impacted around 3,500 individuals.
Multi-State Billing Services (MSB), the company from which the breach occurred, advised parents of the students to freeze credit accounts, in order to prevent attackers from viewing stolen credit reports. The company also stated that it plans to reimburse affected individuals for the credit freezes for three years.
A laptop was stolen from a staff member's locked vehicle in May, one which had a password for protection – but no encryption. This could make it substantially easier to breach and gain access to sensitive information.
The school district is now notifying the students throughout 19 school districts in Central and Eastern Massachusetts, as well as Vermont, that Social Security numbers and Medicaid identification numbers were among the details stolen.
Daniel Courter, the general counsel for MSB, explained that the likelihood of information being used for malicious purposes was low.
"The nature of the theft suggests that the perpetrator had no interest in, or awareness of, this data," he said.
The number of security breaches resulting from physical laptop or device theft is relatively high this year, almost on par with cyber attacks. While it's easier for businesses to neglect onsite physical device storage, instead simply securing networks and software, the impacts can be disastrous.
An employee leaving a mobile device such as a tablet unlocked in a public location can mean easy access for a cyber attacker. Both mobile application security and physical hardware security onsite need to become as important as cyber systems.