The Virginia state government has suffered another major data breach, their second this year. The most recent occurred September 21 when an unencrypted flash drive containing the names, Social Security numbers and employment and demographic information of 103,000 people was lost.
Those affected either took an adult education class between April 2007 and January 2009, or passed a high school equivalency test between January 2001 and June 2009.
Letters were sent last week to 77,577 former adult ed students, according to a press release from Virginia’s public instruction superintendent Patricia Wright’s office. Addresses are unavailable for the other 25,693 victims.
The flash drive was given to a representative of the Virginia Tech Center for Assessment, Evaluation and Education to be used to federally mandated research on September 21. The employee reported the flash drive missing the next day.
It is Virginia Department of Education policy that all sensitive information be encrypted when transferred. The two-gigabyte drive was not encrypted, and Virginia Tech officials are taking “appropriate disciplinary action” against the responsible employee. No details were given regarding what that disciplinary action entails.
The Department of Education has now updated its policy and employees are no longer allowed to transfer sensitive information via flash drive.
Hackers attacked the Virginia Department of Health Professions database this spring and demanded the state pay them $10 million in return for millions of personal pharmaceutical records. More than 530,000 people were affected by that date breach.
Medical records were not included in the stolen records, but some Social Security records were.
2 Comments
I live in Virginia and after I read this I started checking other states’ data breaches for my family and friends. They all have them! I added your blog to bookmarks. And i’ll read your articles more often!
I really like your blog and i respect your work. I’ll be a frequent visitor.