AOH :: ISNQ3871.HTM

Computers containing employee info stolen from CPS building




Computers containing employee info stolen from CPS building
Computers containing employee info stolen from CPS building



http://abclocal.go.com/wls/story?section=local&id=5190814 

By Evelyn Holmes
April 7, 2007

A huge breach of security has put thousands of Chicago Public School 
employees at risk. A thief stole two laptop computers containing private 
information about 40,000 current and former employees. The heist was 
caught on tape.

Investigators say its still unclear if the laptops were stolen for the 
sensitive information they contained or as a crime of opportunity. 
Either way, it has some questioning how the school district safeguards 
valuable information.

"You feel betrayed," said CPS teacher Caryn Block.

Block is one of the thousands of CPS employees put at risk. The stolen 
laptop computers contained sensitive personal information of both 
teachers and administrators and were taken from the district's downtown 
headquarters.

"The board needs better security. It's just no words for it," said Linda 
Porter, treasurer of the Chicago Teachers Union.

Chicago Police have issued an alert after surveillance cameras captured 
the possible thief walking out of the board's Clark St. offices. He 
carried a backpack possibly containing the stolen computers.

School officials say the computers were taken from a 13th-floor 
conference room, where two contractors had used them to review the 
payment history to the Chicago Teachers Pension Fund.

"We have security," said Andres Durbak of CPS Bureau of Safety of 
Security. "We should have prevented this from happening."

School officials say the computers contained only the names and social 
security numbers of contributors to the Pension Fund between 2003 and 
2006. It's a great concern to 22-year-veteran educator Kirkland 
Robertson who is fighting to get his financial life back after recently 
becoming a victim of identity theft after making a purchase online.

"The board should pay for the fraud identity alerts. They should pay for 
everyone's information to be checked," Robertson said.

The theft comes nearly six months after different security breach last 
November when the names and social security numbers of 1700 former CPS 
workers were mistakenly included in a mass mailing.

"If you have someone from outside look at our information, they should 
have a guard with them all the time," said Chicago Teachers Union 
President Marilyn Stewart. "The person either went to lunch or the rest 
room or took a nap."

Security expert Garnet Steen says the easiest way to safeguard sensitive 
personal information is to limit access and amount of detail given.

"Sometimes I think (they say), 'I'll give you everything' because it's 
easier than giving you what you really need," said Steen of RelyData.

As required by law, C.P.S. says it will notify all employees and those 
at risk. The school district also says it is offering a $10,000 reward 
leading to the arrest or recovery of the computers. It is also offering 
a year of credit protection for those at risk.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods