A school district in Missouri has recently had the personal information of over 10,000 past and present staff and students breached, following the actions of a former employee.
Park Hill School District is now notifying the victims, after it was discovered a former employee downloaded files onto a personal hard drive without consent. This former staffer then proceeded to upload the files to the internet – files which contained Social Security numbers, student and staff records.
A local resident saw the data had been uploaded and notified the district of the online availability. The personal information was located in 13,704 documents, all of which had to be manually reviewed to identify the victims of the breach.
The district subsequently removed the files from the internet and took action to update policies surrounding the taking of information. In addition, further training practices were put in place.
"As soon as we completed that list [of impacted individuals], we sent out a letter to everyone whose sensitive information was in the documents, even though we had no evidence of actual theft or misuse of data," the release from the district stated.
"We are already working on updating our policies to more clearly prohibit employees from taking information like this. In addition, we now require training of every employee who has access to sensitive information."
The last step taken by the district is particularly prudent, and should serve to ensure a greater level of security over the next few years. Of course, it's also essential that practices such as detailed security audits are undertaken on a regular basis in order to check whether security practices are being adhered to.
Businesses need to remember that IT security isn't limited to cyber actions alone, but can be physical theft from within the company.