Monday, December 14, 2009
Fraud ‘hits’ follow local data breach
Fraud ‘hits’ follow local data breach
School employees’ Social Security, bank information stolen
By Howard Buck
Columbian staff writer
Social Security numbers of Vancouver Public Schools’ 3,000-plus employees are assumed to be stolen, district officials said Tuesday.
A security breach disclosed on Monday also involves personal banking account information for those employees who use direct payroll deposit, officials said.
Vancouver Police Department computer forensics experts continue to investigate the incident.
Already, several Vancouver district employees have reported "hits" of suspicious personal banking account activity after their financial institutions were alerted to possible fraud, by the district or by employees directly.
"They are out there," Steve Olsen, VPS chief fiscal officer, said of the Social Security numbers, along with names, birth dates and other personal identification and banking information believed compromised.
It now appears someone who gained I.D. password access cracked into the Citrix software "server farm" hosted by Educational Service District 112, based in Vancouver. That person obtained personal payroll data, said Olsen and Linda Turner, the district’s technology officer.
An out-of-order "process," or computer data run, first drew attention of managers last Friday, Turner said.
"We believe it was an outsider that hacked into the system," Turner said.
Vancouver Superintendent Steve Webb on Tuesday urged all employees to take precautions: Each should notify their bank, credit union or other institution and ask that their account(s) be flagged for monitoring.
District employees also were advised to contact one of three nationwide credit reporting agencies to request a fraud alert for identity theft. They were directed to telephone the firms Equifax, Experian or TransUnion to complete a "several-minute process," which should guard them from any unauthorized charges.
Webb told employees the district acted quickly on Monday to notify all Vancouver-Portland area banks and credit unions. The plan was to contact large national banks Tuesday, Webb said.
The unsettling news has jolted faculty members, said Ann Giles, head of the Vancouver district teachers’ union.
Reaction covered "a variety of emotions" that include fear and anger, Giles told school board members during a meeting on Tuesday.
Investigation so far points to unauthorized access of what is called the Vancouver PS WESPaC Fiscal system, housed in the Southwest Regional Data Center.
The center is an arm of ESD 112 that supports computerized student (including student grades) and fiscal systems for K-12 school districts across the ESD’s five-county, Southwest Washington territory.
ESD held a special meeting on Tuesday to update school representatives from across Clark County and the region.
It’s believed the security breach was limited only to Vancouver district data, said Brant Russell, the data center director.
Russell noted that Vancouver district officials immediately changed all employee passwords for its Citrix and WESPaC access after discovering the breach.
In turn, the regional data center is supported by the Washington School Information Processing Cooperative. The Everett-based, nonprofit co-op oversees student and fiscal software systems for 282 of Washington state’s 295 school districts.
The cooperative is assisting the Vancouver district, ESD 112 and Vancouver police in the investigation, said Marty Daybell, WSIPC executive director.
Daybell said internal inspection showed the co-op’s master software firewall had not been breached to expose any other school system’s data. But he was no less troubled by an apparent intrusion at the ESD 112 end, he said.
"We have not had direct exposure. This could very well be the first," Daybell said. The extent of Vancouver data pilfered could "run the scale from simple to catastrophe," he said, awaiting more word from investigators.
School employees’ Social Security, bank information stolen
By Howard Buck
Columbian staff writer
Social Security numbers of Vancouver Public Schools’ 3,000-plus employees are assumed to be stolen, district officials said Tuesday.
A security breach disclosed on Monday also involves personal banking account information for those employees who use direct payroll deposit, officials said.
Vancouver Police Department computer forensics experts continue to investigate the incident.
Already, several Vancouver district employees have reported "hits" of suspicious personal banking account activity after their financial institutions were alerted to possible fraud, by the district or by employees directly.
"They are out there," Steve Olsen, VPS chief fiscal officer, said of the Social Security numbers, along with names, birth dates and other personal identification and banking information believed compromised.
It now appears someone who gained I.D. password access cracked into the Citrix software "server farm" hosted by Educational Service District 112, based in Vancouver. That person obtained personal payroll data, said Olsen and Linda Turner, the district’s technology officer.
An out-of-order "process," or computer data run, first drew attention of managers last Friday, Turner said.
"We believe it was an outsider that hacked into the system," Turner said.
Vancouver Superintendent Steve Webb on Tuesday urged all employees to take precautions: Each should notify their bank, credit union or other institution and ask that their account(s) be flagged for monitoring.
District employees also were advised to contact one of three nationwide credit reporting agencies to request a fraud alert for identity theft. They were directed to telephone the firms Equifax, Experian or TransUnion to complete a "several-minute process," which should guard them from any unauthorized charges.
Webb told employees the district acted quickly on Monday to notify all Vancouver-Portland area banks and credit unions. The plan was to contact large national banks Tuesday, Webb said.
The unsettling news has jolted faculty members, said Ann Giles, head of the Vancouver district teachers’ union.
Reaction covered "a variety of emotions" that include fear and anger, Giles told school board members during a meeting on Tuesday.
Investigation so far points to unauthorized access of what is called the Vancouver PS WESPaC Fiscal system, housed in the Southwest Regional Data Center.
The center is an arm of ESD 112 that supports computerized student (including student grades) and fiscal systems for K-12 school districts across the ESD’s five-county, Southwest Washington territory.
ESD held a special meeting on Tuesday to update school representatives from across Clark County and the region.
It’s believed the security breach was limited only to Vancouver district data, said Brant Russell, the data center director.
Russell noted that Vancouver district officials immediately changed all employee passwords for its Citrix and WESPaC access after discovering the breach.
In turn, the regional data center is supported by the Washington School Information Processing Cooperative. The Everett-based, nonprofit co-op oversees student and fiscal software systems for 282 of Washington state’s 295 school districts.
The cooperative is assisting the Vancouver district, ESD 112 and Vancouver police in the investigation, said Marty Daybell, WSIPC executive director.
Daybell said internal inspection showed the co-op’s master software firewall had not been breached to expose any other school system’s data. But he was no less troubled by an apparent intrusion at the ESD 112 end, he said.
"We have not had direct exposure. This could very well be the first," Daybell said. The extent of Vancouver data pilfered could "run the scale from simple to catastrophe," he said, awaiting more word from investigators.
# posted by raveneye @ 11:09 AM 
