[Dataloss] CA: Burglars steal Oakland school computers storing personal data
macwheel99 at wowway.com
macwheel99 at wowway.com
Thu Sep 4 02:41:21 UTC 2008
If the school has some kind of backup system for computer records, and are
able to restore a backup to replacement Dells of compatible hardware, OS,
and software, then they ought to be able to tell from the backup what was
involved.
School budgets typically do not allow for insurance against theft of school
property & it could be many months before they can get the money to have
hardware to restore a backup to. Maybe they can rent one Dell to backup one
at a time to restore one of the 10, get the info, then restore second of the
10 & so forth.
If their backup system involved one computer's data being backed up to
another computer, in pairs, then the backups are gone away with the stolen
computers.
Any reasonable person could conclude that all the employees data that was
SUPPOSED to be managed by the HR dept, was in fact on the gone computers,
minus anything on any computers not taken.
There are several ways to reconstruct a list of all your employees.
Most every modern organization has tons of computer generated reports ...
there's probably several that list all the employees ... we just had an end
fiscal month ... do schools have fiscal months?
If all the computers gone, then simply ask the bank for a statement of money
issued to what people in a recent payroll run, and you got a pretty good
list of your employees. If there's some kind of insurance for the
employees, then the insurance company will have that list.
Aside from the state of California having strict rules about notification of
the breached employees, there are also IRS regulations about keeping good
records in case of an audit. Where I work, we were recently audited by the
IRS. They wanted to see details from 2004, which fortunately were still on-
line, and easy to re-sort into whatever format the IRS people desired. Had
they wanted 2003, those records on paper in the attic.
The school district should have something similar, going back several years.
Digging through such records is what will take time, since they probably
packed away assuming extremely unlikely ever need again.
Al Macintyre
> http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/09/03/MN8F12NM56.DTL
>
> Thieves stole 10 desktop computers containing employees' personal
> information Tuesday night from the Oakland school district's main
> office on 2nd Avenue, district official said today.
>
> The computers were located in the 2nd floor Human Resources
> Department and appear to be the only equipment stolen.
>
> The burglary is believed to have occurred at about 11 p.m., with the
> suspects scaling a rear wall and using wire cutters to get through a
> metal window screen, said district spokesman Troy Flint. Workers
> arriving this morning discovered the theft.
>
> Most of the equipment stolen were Dell desktop hard drives. District
> officials were still determining what information was on each
> computer, but said that they contained personal information provided
> to the district when employees are hired. It was unknown today how
> many employees' records were on the computers.
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at attrition.org)
> http://attrition.org/dataloss
>
> Tenable Network Security offers data leakage and compliance
> monitoring solutions for large and small networks. Scan your network
> and monitor your traffic to find the data needing protection before
> it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
--
WOW! Homepage (http://www.wowway.com)
More information about the Dataloss
mailing list