According to the Department of Elementary and Secondary Education (DESE), the personal information of approximately 620,000 current and former teachers was at risk of public disclosure — more than six times the initial 100,000 Social Security numbers the St. Louis Post-Dispatch originally estimated were vulnerable.
(Photo- Commissioner of Education Margie Vandeven speaks at a July 2020 press conference- Missouri Governor’s Office).
Last month, a St. Louis Post-Dispatch reporter discovered the security flaw, notified the state of the issue and promised to hold publication of a story until it was fixed. Instead, state departments and Gov. Mike Parson labeled the reporter a “hacker” and vowed to seek criminal prosecution.
DESE, along with the Office of Administration’s Information Technology Services Division, will provide a year of credit and identity theft monitoring services through IDX, a consumer privacy platform. The state is unaware of any misuse of teachers’ social security numbers, and teachers can expect to receive notices with details of the monitoring services.
By using an existing multi-state contract, the credit monitoring services are estimated to cost about $800,000, according to a news release.
Last month at a press conference where he refused to answer questions, Parson said the incident may cost the state upwards of $50 million — a figure some Democratic lawmakers doubted — and said his administration would stand up “against any and all perpetrators who attempt to steal personal information and harm Missourians.”
Republican and Democratic lawmakers and cybersecurity experts quickly pushed back on the state’s characterization of the reporter’s efforts. Shaji Khan, an associate professor at University of Missouri-St. Louis who spoke to the newspaper in its reporting, demanded a public apology from state officials and payment for his legal costs.
A spokesman for the Missouri State Highway Patrol said Wednesday that its investigation is ongoing.
Noticeably, the term “hacker” was absent from Wednesday’s news release.
Last month, a St. Louis Post-Dispatch reporter discovered the security flaw, notified the state of the issue and promised to hold publication of a story until it was fixed. Instead, state departments and Gov. Mike Parson labeled the reporter a “hacker” and vowed to seek criminal prosecution.
DESE, along with the Office of Administration’s Information Technology Services Division, will provide a year of credit and identity theft monitoring services through IDX, a consumer privacy platform. The state is unaware of any misuse of teachers’ social security numbers, and teachers can expect to receive notices with details of the monitoring services.
By using an existing multi-state contract, the credit monitoring services are estimated to cost about $800,000, according to a news release.
Last month at a press conference where he refused to answer questions, Parson said the incident may cost the state upwards of $50 million — a figure some Democratic lawmakers doubted — and said his administration would stand up “against any and all perpetrators who attempt to steal personal information and harm Missourians.”
Republican and Democratic lawmakers and cybersecurity experts quickly pushed back on the state’s characterization of the reporter’s efforts. Shaji Khan, an associate professor at University of Missouri-St. Louis who spoke to the newspaper in its reporting, demanded a public apology from state officials and payment for his legal costs.
A spokesman for the Missouri State Highway Patrol said Wednesday that its investigation is ongoing.
Noticeably, the term “hacker” was absent from Wednesday’s news release.
No comments:
Post a Comment