Data Breach Could Cost Missouri $50M

Security

A data breach that may have exposed the Social Security numbers of tens of thousands of teachers, administrators, and counselors across Missouri could end up costing the Show-Me State $50m. 

The security incident was caused by a flaw in a search tool on a website maintained by the state’s Department of Elementary and Secondary Education. 

A reporter at the St. Louis Post-Dispatch discovered the vulnerability. The newspaper said that while no private information was clearly visible or searchable, teachers’ Social Security numbers were contained in the HTML source code of certain web pages. 

After being notified of the data breach on October 12, the department removed the page that included the search tool. 

Department spokeswoman Mallory McGowin said: “We have worked with our data team and the Office of Administration Information Technology Services Division to get that search tool pulled down immediately, so we can dig into the situation and learn more about what has happened.”

The newspaper estimated that more than 100,000 Social Security numbers were made vulnerable by the flaw. However, the Missouri Commissioner’s Office, in a statement released October 12, said that the personally identifiable information of only three Missouri educators was potentially compromised.

Shaji Khan, a cybersecurity professor at the University of Missouri–St. Louis, described the vulnerability as “a serious flaw” that the cybersecurity industry has known about “for at least 10–12 years, if not more.”

“The fact that this type of vulnerability is still present in the DESE web application is mind boggling!” wrote Khan in an email to the Post-Dispatch.

Speaking at a press conference held on October 14, Missouri Governor Mike Parson said that the journalist who discovered the flaw should face criminal hacking charges.

“Not only are we going to hold this individual accountable, but we will also be holding accountable all those who aided this individual and the media corporation that employs them,” said Parson.

News of how much money it might take to recover from the breach was announced by the governor’s office. The $50m estimate includes the cost of credit monitoring for breach victims and the creation of a call center to handle related inquiries.

Products You May Like

Articles You May Like

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware
White House Urges Tech Industry to Eliminate Memory Safety Vulnerabilities
SMBs at Risk From SendGrid-Focused Phishing Tactics
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
ICO Bans Serco Leisure’s Use of Facial Recognition for Employee Attendance

Leave a Reply

Your email address will not be published. Required fields are marked *