By: Tonya Mead, CFE, CHFI, PI, MBA, MA Educational Psychology
Once again, it looks like criminals have found a treasure trove in unsecured data maintained by schools. The victims? This time it was not the students’ confidential information that was stolen, rather the personal private information of staff and employees. As discussed here, the exploitation of data maintained by state information systems grows with the perception of lax cyber security.
- Post- Hack to prove enrollment
- Post- Botnet grade in education- graph
- Post- Botnets and identity theft in education
- Post- WTF? CDI says don’t worry about threat in schools
- Presentation- The exploitation of minors to gain confidential information
The reason? The reliance upon data to drive instruction, guide school management decisions and inform state and local policy decisions has been the rage for the last two decades (beneficial for elementary, special education students and those at risk).
- Post- Bank data for 40 million borrowers vulnerable
- Post- U.S. Department of Education earns D- FITARA Score
- Post- 23,000 student information hacked
- Post- Data exploits vulnerable children
One would think that states would tighten cyber security controls. Unfortunately the security of information systems managed by state education agencies, universities and local schools has not kept pace.
Third Party Vendors
Another weak link is the security systems utilized by data warehouses and other third party vendors hired to store, manage and report upon school and university data. In this instance, the third party payroll contractor’s data system was breached. The perpetrator “used public school employees’ identifications stolen from a payroll company to file more than 2,000 fraudulent federal tax returns. ” He then “used fraudulently obtained identification numbers to get refund checks.” (para 3). But what about the profile of the criminal? What do we know?
- Post- Stringent accountability measures for school vendors
- Post- Cyber scammers target schools
The criminal was ” a Nigerian citizen living in St. Louis.” (para 1, line 1). He was ultimately sentenced to more than six years imprisonment after filing fraudulent IRS tax returns to request more than $12 million in refunds. While he may not have been successful in obtaining $12 million, we do know that the federal judge requested that the criminal pay more than $900,000 in restitution. (para 2, line 1).
Thanks to the unnamed prosecutor for the continued pursuit and eventual capture and prosecution of a criminal that was deported from the US in 1995. He later returned in 1999 to carryout his schemes of “mail fraud, aggravated identity theft, voter fraud and illegal re-entry to the U.S.” (para 3). Parents of public school students, taxpayers, and school employees are much obliged to law enforcement for doing their job.
Tonya J. Mead, CFE, CHFI, PI, MBA, MA, Certified K-12 Administrator and School Psychologist is author of Fraud in Education: Beyond the Wrong Answer and president of Shared Knowledge, LLC https://ishareknowledge.com