The Commission for Teacher Preparation (CTP) in Oklahoma has notified past test takers that they may be victims of a data breach, although there are indications that they should be safe. Of course, if data protection software like drive encryption from AlertBoot had been used, there would be no need for “indicators”: CTP would just know that test takers are safe.
Recovered Server Stolen in 2007
As far as I can tell, the commotion was started by a recovered server. Oklahoma policy recovered two computers as part of an investigation, and one them happened to be the CTP server. The commission hadn’t noticed the server was missing because it was being stored off-site, as a backup to a new server they had received in 2007.
The server contained the names and SSNs of candidates who had taken tests for certification and licensure between 1999 and 2007, inclusive.
Server Not Accessed
According to an analysis of the server, the computer was not accessed since the day it was retired (and put into storage). This does not necessarily mean that the information on the server couldn’t have been accessed: it’s notoriously difficult to be certain that a drive was not accessed since dates on files and logs can be manipulated or deleted.
However, my guess is that’s highly probable that the conclusion by the commission is correct. I mean, people don’t try to hide what they did on a stolen computer. The assumption by most thieves would be that the computer will not be returned to the victim. Hence, no need to hide their activities.
Luck is Not A Data Security Measure
The CTP has been extremely lucky. Their server was stolen; for over two years, they had no idea that it was stolen, so they couldn’t contact possibly-affected victims; and it looks like the data was not compromised (again, highly improbable…but not impossible). I mean, anything could have happened…and it did not.
Well, at least so far it hasn’t. It could be that once the test-takers are contacted, a pattern of affected people starts to pop up.
Using Encryption To Secure Data
Apparently, the CTP has also woken up to the fact that they’ve gotten lucky this time. According to a spokesperson, the data is being encrypted to protect it from future, potential breaches.
Encryption is not a panacea when it comes to data security, but it’s one of the fundamental tools when it comes to securing information. More often than not, it’s the last security weapon available when all other forms of protection fail. That’s because encryption will still be in place even if a computer or portable disk is stolen (the fact that it was stolen means that other security measure such as guards, doors, and cable locks were defeated).
The trick, though, is to have encryption in place before the device gets stolen.
Related Articles and Sites: