Maricopa Security Breach

The rest of the story

By

Analysis of Board Minutes after 2013 MCCCD Security Breach

The following blog contains a review of items as they relate to the 2013 Maricopa Community College security breach and as documented in the MCCCD Board Minutes from April 2013 until February 2014. Board minutes are available online. Click on the Motion number link to see the details. Here are additional resources and news coverage if you are interested.

 See observations and commentary below.

Board spending

We have used existing Board minutes to document Board items since the 2013 security breach. A few things are not very straight forward and others may need more explanation for the public to understand.  

Date

Event

IT Budget

Request

(Millions)

from

Board

Security Breach

Legal Fees

(Millions)

from

Board

Board

Motion

4/2013

FBI Notifies MCCCD of breach

4/9/13 – Board Meeting

Nothing related to security discussed

4/23/13 – Board meeting

Nothing related to security discussed


Conceptual approval of $15 million for Student Information System Upgrade from Oracle

 

V.A.2 APPROVAL OF RESOLUTION AUTHORIZING SALE AND ISSUANCE OF $151,090,000 AGGREGATE PRINCIPAL AMOUNT OF MARICOPA COUNTY COMMUNITY COLLEGE DISTRICT OF MARICOPA COUNTY, ARIZONA, GENERAL OBLIGATION BONDS, SERIES 2013 —

Read More

By

ABC 15 Coverage – Maricopa County Community College security breach update: Workers told to turn over documents

Here is today’s News 15 coverage on the MCCCD security breach

http://www.abc15.com/news/let-joe-know/maricopa-county-community-college-security-breach-update-workers-told-to-turn-over-documents

MCCCD employees have received a letter from James Bowers, Interim VC of HR requesting that documents be turned over to the District.   Here is a brief synopsis:

1.  MCCCD has not provided employees access to records they need for their defense.  It has now been nearly a month an a half since records were requested.  The official records request sent to MCCCD in mid-January will be posted here shortly. No response or acknowledgment has been received from MCCCD.

2.  To make things worse, MCCCD now wants employees to return records they obtained via official records request regarding the security breach.

3.  Neither Mr. Corzo or Mr. Monsour have any sensitive information about the MCCCD Network. At the time of the incident, the responsibility, access and knowledge of the MCCCD network rested with another Director in the organization.  The harm has been done by MCCCD failure to act on information provided.  The harm to MCCCD now goes beyond a security breach.

4.  The press has been stonewalled when it comes to records request as well and little or nothing has been provided. MCCCD claims that documents are confidential and cannot be provided due to the hearing even though employees have waived their rights to confidentiality. We will post the letter from MCCCD here as well as the employee response.
Read More

By

The MCCCD security breach downward spiral

The picture below illustrates the main elements that ultimately led to the 4th largest security breach in the US in 2013 according to Identity Theft Resource Center.

Two main elements combined in 2011-2013 to create the perfect storm for the  Maricopa Community College IT Department:

  • MCCCD management ignored employee warnings as reported by the press.
  • Hostile environment and fear in the workplace drove  IT employees out.

These two elements created the perfect storm for MCCCD IT.  Now,  MCCCD is seeking to raise tuition and the tax levy to rehire and retrain employees. These funds will also be used to  pay for expenses associated with the security breach.

The IT department at MCCCD lost its core IT staff in 2011-2013.  It was deprived of institutional knowledge to support technology.  Attempts to replace the staff with consultants failed and now they must rehire and retrain.

trident-with-text