Education Sector | Office of Inadequate Security

Two Miami Men Convicted In Identity Theft Tax Refund Fraud Scheme Involving Over 1,000 Victims

Breach Incidents, Education Sector, ID Theft, Miscellaneous, U.S. Comments Off

Apr 162013

Earnest Baldwin, 36 of Miami, and Earl Baldwin, 42 of Miami were convicted on April 10 for their participation in a tax refund scheme using stolen identities. They had been charged in October 2012.

According to testimony and evidence presented at trial, the defendants were involved in an identity theft tax fraud scheme that operated from July 2011 through June 2012. During the course of their fraud scheme, approximately $1.7 million in fraudulent refund claims were submitted to the IRS for payment. Nearly all of these claims requested payment of the refunds onto pre-paid debit cards and some of these claims were filed from Earl Baldwin’s residence.

The trial testimony and evidence further showed that Earnest Baldwin was found with over 1,000 individual names, dates of birth, and Social Security numbers and approximately 40 pre-paid debit cards in other people’s names. Some of these papers seized included high school report cards with identity information and data from an organization for disabled persons containing identity information. Neither the school nor the organization were named in the press release from the U.S. Attorney’s Office.

Two additional co-conspirators, Lineten Belizaire, 22, and Marckell Steward, 21, both of Miami, previously pled guilty in this matter. Belizaire pled guilty to access device fraud and aggravated identity theft on March 18, 2013. Steward pled guilty to conspiracy to commit access device fraud and aggravated identity theft on January 31, 2013.

Source: U.S. Attorney’s Office, Southern District of Florida.

The “we’re just one of many” excuse doesn’t fly here

Breach Incidents, Education Sector, Hack, U.S. Comments Off

Apr 082013

With all the news about #OpIsrael, it was easy to miss a breach that was reported today involving Kirkwood Community College in Iowa.

On March 13, they were hacked, and the hacker had access to 125,000 records from students who had applied online for credit courses between February 2005 and March 5, 2013. The school is not sure whether any data were downloaded at the time of this publication.

In WCF Couriers’ coverage of the breach, vice president of student services Kristie Fisher was quoted:

She said the college believes that its database was adequately protected, but that hacking has become too common.

How can you claim your database was adequately protected when it was just hacked to the tune of 125,000 records?

“Unfortunately, we think we just found ourselves in the middle of something that’s happening all over the world,” she said. “In today’s world, you can’t protect anything 100 percent when it’s online.”

OK, so then knowing that, why did you need to have records going back to February 2005 connected online? Are students who signed up in February 2005 at your two-year community college still signing up for classes 8 years later?

Knowing the risk, did you really need all that data connected?

Two years and one federal clue stick later, Tallahassee Community College finds out they had breach

Breach Incidents, Education Sector, ID Theft Comments Off

Mar 222013

From the college’s press release today:

Tallahassee Community College, on Friday, announced that an unauthorized acquisition of computerized data that may materially compromise the security, confidentiality, or integrity of personal information occurred in March 2011.

College officials were recently notified of the breach of security by federal officials. The federal investigation resulted in the conviction of a Miami, Fla., man on one count of conspiracy to submit false claims to the Internal Revenue Service, one count of access device fraud, and two counts of aggravated identity theft.

“TCC values the protection of private information, so we take this matter very seriously,” said TCC Chief of Police David Hendry. “We have identified the group of individuals whose information may have been compromised, and we will immediately begin the process of contacting each one.”

According to Hendry, the College believes the breach occurred internally and impacts approximately 3,300 individuals. An investigation into the breach is ongoing.

Beginning Monday, TCC will mail personalized letters to the persons potentially impacted by the data breach. The letters will detail what steps individuals can take to check the security of their identities; TCC will also provide additional resources, including a TCC hotline to provide further information.

If the federal investigation led to a conviction, then the feds clearly knew about this for a while. Why didn’t they inform the college before now? And why didn’t the college discover this breach on their own two years ago? What does the police chief mean that it occurred “internally?” Is he suggesting an employee was implicated in wrongdoing or something else?

Data breaches in higher education

Commentaries and Analyses, Education Sector, Of Note Comments Off

Mar 182013

TeamSHATTER reports on data breaches in the higher education vertical throughout the United States.

The past year has seen a substantial uptick in the amount of total records breached. In 2012, there was a dramatic increase in the total number of reported records affected (1,977,412), but a relatively low amount of institutions (51) that reported breaches. In fact, the past year has seen the most reported compromised records in the higher education sector since 2006, based on data since tracking began in 2005.

Arkansas State U. faculty victims of tax refund fraud, but source of breach still unknown

Breach Incidents, Education Sector, ID Theft, U.S. Comments Off

Mar 112013

One month after it became aware that some faculty members had become victims of tax refund fraud, Arkansas State University still hasn’t figured out whether the breach was of their system or a third-party vendor’s. By now, 150 employees have reported problems. KAIT8 has the story.

Antioch district working to fix inadvertent disclosure of employee data

Breach Incidents, Education Sector, Exposure, U.S. Comments Off

Jan 292013

Paul Burgarino reports:

District officials have been working to fix an inadvertent disclosure of some personal employee information that spread last week via email.

While a former Antioch Unified employee was trying to pass on information about a replacement’s responsibilities at the end of the workday Jan. 18, the employee attached a file to an email that went to a limited number of district personnel that had confidential information — namely Social Security numbers and some worker compensation claim information for current and former employees who reported injuries, Superintendent Donald Gill said.