More than 10,000 worker’s names, Social Security numbers and birth dates were compromised.
The Prince George’s County School System is investigating how the personal information of thousands of its employees ended up in a report that was forwarded to personal e-mail addresses outside the school system this month.
Max Pugh, a schools spokesman, said the district has begun an investigation into how more than 10,000 employees’ names, Social Security numbers, birth dates and employee identification numbers were compromised.
Deputy Superintendent Monique W. Davis sent an e-mail to nearly half of the school district’s 23,785-person workforce last week alerting the employees that their personal data was “potentially exposed” to others when the school district sent an e-mail that inadvertently included the private information.
The school system apologized for the inconvenience and said it was working to ensure that it does not happen again.
“We have initiated an internal investigation to determine why the report included the information,” Pugh said. He said there was a delay in notification — of about a week — because the school system had to determine the scale of the leak before reaching out to employees.
The system’s Human Resources Division contacted the teachers and principals unions’ leadership on Nov. 17 to tell them about the Nov. 14 leak, and an e-mail to employees who were affected was sent on Nov. 21.
The leak has angered employees, who have questioned the length of time it took to notify them that they might be at risk of identity theft. They also said it is unclear to them how many people received their personal information or what might happen to it.
Darla Heinz, a teacher at Northwestern High School in Hyattsville, said she is concerned about long-range ramifications, including someone holding onto the information for years and potentially creating havoc at a later date.
“It’s all very troubling,” Heinz said.
The president of the teachers union, Kenneth Haines, who has been a victim of identity theft, said in a letter to his members that mistakes happen.
“Unfortunately, to err is an irrevocable part of the human condition,” he wrote. “Shock and anger are the natural first reactions to such events, but it is now time to ensure that as little damage as possible arises from this breach.”
The school system’s Human Resources Division posted “Frequently Asked Questions” regarding the incident on its Web page Monday, but it was quickly removed. According to the posting, Human Resources generated a “routine” report on Nov. 14 that inadvertently included the personal data. After school system officials realized that the sensitive information was in the report, the district suspended the e-mail accounts of all recipients in order to delete the file.
“As part of this process, PGCPS discovered that some recipients forwarded the report outside of the PGCPS e-mail domain,” the posting said.
In Davis’s e-mail notifying employees, she said the original e-mail was sent to a “select group of principals.”
A spokeswoman for the system said that the outside addresses to which the material was sent were the personal addresses of school staff members. Recipients have been contacted, said the spokeswoman, Lynn McCawley.
>>> Read more Washington Post.
Teachers in Prince George’s County needs to seriously consider unseating the current union president who appears to be in bed with Dr. Maxwell and the Rushern Baker regime via Mr. Christian Rhodes who is being used by the unions within the county to advance mega misconduct involving public funds. It’s amazing how the PGCEA President seems to be so accommodating to the incompetence that is so obvious with evidence presented. Unions who work on behalf of the employees, should stop being a lap dog and get some teeth for the employees they work for. Or “do the Unions like rolling over so they can gain political favor later and presently have their bellies rubbed?” One citizenry stated in the blogs. One wonders… Why would the administrators need to Forward the email with priviate data to their personal email account when they all have access to their work email account from virtually everywhere.
We are convinced, President Kenneth Haines works on behalf of himself not the employees of PGCPS. Everyone in the county who has been following this knows that…except for the union employees. This same Haines used to work together years ago with Dr. Maxwell at Northwestern High school and are close friends. Mr. Haines also used to work closely with Mr. Christian Rhones in the same PGCEA. PGCEA is absolutely worthless and in bed with the admin of PGCPS. They basically steal money from the teachers in the form of dues and provide nothing positive other than negotiating the employee contract while harassing employees. The negotiating of contract is too, is highly suspect. If any teacher or other professional ever need major help from PGCEA for whatever reason, you will have a wake up call then. PGCEA is part of MSEA and NEA and the current Board chair Segun Eubanks works for NEA which creates a conflict of interest on several levels! The union corruption within the county is in full swing with high salaries to cover up wrong doing at the expense of teachers and other professionals. In the meantime, the children of Prince Gorge’s County are not doing well academically. Looking at its educational leaders we can see why the students are failing. This is what we have been saying all along while calling for reforms, innovation and transformations in PGCPS.
Each organization has its own secrets to keep, and most, if not all of them, are not the romantic hacker dreams of corporate shady affairs.
The real secrets of a business are the sale reports, projects still under development or future mergers and in general any other nuggets of information that can be speculated by the competition. Putting the deliberate ones aside like what happened in PGCPS with Principals forwarding information in private emails for personal use, most security breaches are accidents, unintentional “slips of the tongue” or fatigue induced human errors.
Sometimes employees feel the need to bring work home with them. This may be due to a fast approaching deadline, a need to catch up on lost work hours or simply because they are greatly engaged by the project; some people do enjoy their work! The ideal case for this situation would be to bring the work laptop along, a device which is secured by the company’s software.
However, in most cases, one is forced to bring home just the data itself via a USB stick or some similar mobile data storage device. This is where an accidental information security breach can occur. The home computer does not benefit from the company’s security systems and once sensitive information is uploaded on to it, it’s pretty much the same as making it public.
The files could be accessed by a random network intruder that recognizes their value and decides to make a profit out of it. Or the USB stick can be borrowed by a family member and your marketing plans could end up being shared on the campus network all over the world. It will be many years to find out the damage caused by the current breach in PGCPS.
One simple way to prevent such incidents is to keep a close eye on your employees and grant them permission, based on each individual scenario, to take the information out of the organization. However, this task quickly becomes insurmountable in a large business. This is where an automated system comes in handy, one that can track any inbound or outbound devices and data activity, control and block it if necessary.
The market is aware of this problem, and solutions are available, but most of them are very expensive and too rigid. These act as a small part of a much larger package, one that seeks to replace your entire security system.
A module-based alternative that allows you to pick the solution for your particular problem is the cost-efficient way to go.
With such a system, you can simply hand-pick the modules that cover any gaps or quirks of your current security without the elaborate and cluttered process of reinstalling an entire suite of security protocols.
In the above situation concerning private information of PGCPS employees data being shared widely by the administration without their consent, the top leadership which forwarded the data for private purposes without permission must pay the price. We are watching! Call your leaders and demand action.
Read more >>>>Call your Elected Officials now and the Media.