The New York State Education
Department hasn’t incorporated all of the recommendations to protect student
data, leaving it vulnerable to attack, the Office of the State Comptroller
wrote in a November letter to Education Commissioner MaryEllen Elia.
“The Department has not made significant progress,” the letter from State Comptroller Thomas P. DiNapoli said, according to a report in the Wall Street Journal, which prompted a statement from the education department noting that it has “operational security measures in place,” but admitting that its efforts have been stymied by difficulties in replacing its CISO.
“We have experienced challenges in
filling in the CISO position since the incumbent left that position,” the
spokesperson said. “We hope to fill that position in the coming weeks and that
person will begin to implement the audit’s recommendations.”
The comptroller’s office had made the recommendations following an audit in July 2017.
Schools are a frequent target for
Recently, a pair
of U.S. school districts were hit with two very different, but still
damaging, cyberattacks in a week.
A former Chicago Public School employee was arrested for stealing the PII of 80,000 district workers, while Gallow, N.J., the district lost $200,000 due to a wire fraud scam.
the Windy City incident, Kristi Sims was arrested on four counts of aggravated
computer tampering and three counts of identity theft. The content taken
included names, employee ID numbers, phone numbers, addresses, dates of birth,
criminal arrest histories and DCFS findings. Sims was a contract worker
for the district handling administrative tasks for the school’s Office of
Safety and Security.
Galloway Township Public School System was victimized by two fraudulent wire
transfers scams of $200,000 each. One was canceled before any money was
transferred, but the remaining amount is unrecovered at this times.
And in September, a GandCrab ransomware
attack forced Monroe
County School District in Florida to shut down its computer systems for at
least three days.