Louisiana Board of Regents Breaches 200,000 Louisiana SSNsFOR IMMEDIATE RELEASE: August 24, 2007
Media Contact: Aaron Titus
BATON ROUGE, Louisiana. In late June 2007, the Liberty Coalition discovered approximately 163,000 social security numbers, and contact information for nearly 200,000 Louisianans, in nearly 200 online documents. The affected individuals appear to be mainly former Louisiana high school students born between about 1979 and 1987, as well as roughly 34,000 Louisiana state education employees.
The files were posted on a website belonging to the Louisiana State Board of Regents, which appeared to be an online interface for an internal network. The files with sensitive information were among internal documents, usernames, passwords, company e-mail, personnel records, personal documents, family photos, and pornography. While parts of the network were password-protected, the folders containing these 200 files were open to the public, and not password protected. Many of them were indexed by major search engines. While nobody knows exactly how long the files were exposed, WDSU in New Orleans reports that the files may have been online as long as 1-2 years. The Board of Regents has posted an advisory on the subject. In the advisory they have indicated that
"Any student who was enrolled in the 10th grade at a Louisiana public high school and took the EPAS (Educational Planning and Assessment) Plan test between 2001 and 2003, [and] Any Louisiana public college or university faculty or staff member who was employed in either 2000 or 2001 [may be at risk]."As of the date of the breach, the Louisiana State Education system used a student's Social Security Number as their student ID.
Within one hour of notification, the Board of Regents shut down all access to the files and reported the breach to the Louisiana Attorney General's office and the state's Chief Information Officer, both of which are continuing to investigate the breach. They also contacted Google and other major search engines, to request that they clear their search engine caches.
The Board has also contracted with Verma Systems, Inc., a network solutions company, to improve the security of their data and systems and also with the Identify Theft Resource Center, a nationally respected nonprofit organization specializing in the prevention of identify theft, to assist them with exposure notification and to provide professional advisory services free of charge to individuals who may have been negatively affected by this data security breach. The Board of Regents has also established a call center and website to respond to questions and provide additional information regarding this issue.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.