The truth no one ever heard until now!
Oracle Security Report Not Shared
It looks like people with inside information into the Security Breach at MCCCD are now starting to disclose new information to the media that was never shared before. This recent post by Databreaches.net points to MCCCD hiding information (Oracle Corp. security assessment) from its own employees and the public for plausible deniability in litigation. Critical vendor reports were never shared with the staff in 2008, 2011 and 2013.
Millions are being spent defending against the largest security breach in the history of higher education. All of it could have been avoided had the MCCCD Administration shared with its own staff technical reports from Oracle they knew about. The identity of several million people has been stolen when according to the report from Databreaches.net, the organization withheld critical information that could have prevented it. Furthermore, this information from Oracle Corp. may still be an internal secret to most of the employees at MCCCD who are trying to secure the system after the 2013 breach.
EPIC urges FTC to investigate
And then there were two…
In what appears to be a renewed interest in the MCCCD security breach case, a new FTC complaint has now been filed by EPIC about this now “EPIC” college breach story that may set a precedence for compliance in educational institutions across the country. They now joined a previous FTC complaint filed by databreaches.net
EPIC is a public interest research center located in Washington, DC. They focus on emerging privacy and civil liberties issues and is a leading advocate before the FTC. EPIC has previously testified before Congress on the need for financial institutions and companies to protect consumers against data breaches.
If these FTC complaints hold sway with the FTC, this could turn into the most significant breach in the world of education and bring about a sea of change. These complaints claim that MCCCD is to be held responsible under the ‘Safeguard Rule” of the Gramm-Leach-Bliley (GBL) Act.
Here is the latest information.
EPIC Press release
Databreaches.net coverage of this topic
EPIC seeks enforcement action over Arizona data breaches - Computerworld
Target’s CEO has become the first boss of a major corporation to lose his job over a breach of customer data, showing how responsibility for computer security now reaches right to the top. —- Associated Press
It’s a new era for boards to take a proactive role in understanding what the risks are. —- Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin.
The Target and MCCCD represent two contrasting approaches on how to handle a security breach. There are striking similarities on what took place and significant difference on how the companies handled the situation.
So far, the Target Board of Directors has looked at risks and taken action to protect their company. They have chosen transparency and a clean slate as they move forward. In contrast, the MCCCD Governing Board has taken no action. It has surrounded itself with lawyers. It is breaking several AZ laws according to current lawsuits, keeping the top of the organization intact, blaming employees and stonewalling everyone. Which company would you want to work for? Which company has a better chance to survive?
Here is what they have in common:
- They both had a CEO and CIO (Chancellor and Vice-Chancellor of IT) responsible for the organization
Here are sections of the 3/25/2014 MCCCD Governing Board Meeting where the topic of the security breach came up. Comments were made in public regarding the extension of the Wilson Elser contract and the way the administration is handling the current breach.
MCCCD Board Members discuss the security breach and Wilson Elser Contract
Members of the community talk about the security breach during the Citizens Interim portion of the Board Agenda. Items discussed: impact to the community, costs, what it means to you, employee issues etc.
Community members shared their views on the MCCCD Security Breach. How does it affect you?