Maricopa Security Breach

The rest of the story

By

Call for FTC to intervene | MCCCD Security Breach

A new article was recently published in Databreaches.net that calls for a congressional inquiry of the MCCCD security breach. The breach at MCCCD exposed the identity of 2.5+ million people for life. It could have been avoided as clearly shown in this timeline of events.

The MCCCD administration was warned multiple times by their employees and members of the community.  They chose to ignore all warnings and scapegoat employees.  Even at this juncture, MCCCD may still be at risk as disclosed in recent Governing Board minutes. If the 2011-2013 warnings were not enough, the MCCCD Administration and Governing Board still refuse to meet with employees and address remaining security issues presented to them as recently as April 2014.

MCCCD Breach

Largest Security Breach in Education

In a recent development, the FTC has file a complaint against Wyndham Hotels for failure to protect consumer personal information. The MCCCD security breach is much larger than the Wyndham case and it goes to show that when it comes to consumer protection and privacy of information it does not matter whether an organization is private or public.

MCCCD is now dealing with a $6.25 billion class action lawsuit, the threat of potential bankruptcy, disgusted Board Members, future issues with bond ratings, employee attrition, drop in enrollment worth millions, stonewalling of the mediadamage to its reputation in the community and millions of taxpayer dollars being wasted in lawyers.  Whether education or private sector, a security breach is a security breach.  If the FTC plans to hold those in private industry accountable, they should do the same in all industries.
Read More

By

The Target and the MCCCD security breach compared

Target’s CEO has become the first boss of a major corporation to lose his job over a breach of customer data, showing how responsibility for computer security now reaches right to the top. —- Associated Press

It’s a new era for boards to take a proactive role in understanding what the risks are.  —- Cynthia Larose, chair of the privacy and security practice at the law firm Mintz Levin.

The Target and MCCCD represent two contrasting approaches on how to handle a security breach. There are striking similarities on what took place and significant difference on how the companies handled the situation.
So far, the Target Board of Directors has looked at risks and taken action to protect their company. They have chosen transparency and a clean slate as they move forward.  In contrast, the MCCCD Governing Board has taken no action.  It has surrounded itself with lawyers. It is breaking several AZ laws according to current lawsuits, keeping the top of the organization intact, blaming employees and stonewalling everyone. Which company would you want to work for?  Which company has a better chance to survive?

Here is what they have in common:

  • They both had a CEO and CIO (Chancellor and Vice-Chancellor of IT) responsible for the organization
  • Read More