LOSFA Data Breach — My Daily News Monitoring Just Got Personal

by Leslie Campisi on October 18, 2007

My mom alerted me to a data breach involving the Louisiana Office of Student Financial Assistance (LOSFA) and their back-up provider, Iron Mountain. While news of the breach is quickly being spread in state and local news outlets, the story is not getting widespread pickup. According to the AP story:

The case was lost Sept. 19 when a driver for a Boston-based contractor failed to follow company procedures when loading it onto his vehicle, according to a statement e-mailed Wednesday by Laura Sudnik, spokeswoman for Iron Mountain Inc.

Even if you have never resided in the state of Louisiana, “Anyone who has completed a FAFSA and included a Louisiana postsecondary institution as an institution to which FAFSA data should be sent” may also be affected.

A few thoughts:

  • Are there so many data breaches these days that large news outlets don’t blink when they hear of another one? Surely there are a lot of parents, and students, in the New York City area who may be interested in knowing that their names, social security numbers, and financial information may be compromised — merely by clicking “yes, send my FAFSA to Tulane.” Will The New York Times pick this story up?
  • I understand why Iron Mountain wouldn’t want to call attention to the data breach on their website. But, still, as someone who may be adversely affected by their mistake, it annoys me to visit their home page and not see the data breach mentioned. When there is a safety recall for a food product, or for a toy, aren’t companies legally bound to acknowledge and spread news of their mistake? Is identity theft somehow less of a consumer risk than spinach that may or may not contain E. coli? Shouldn’t Iron Mountain be the first to admit their error and work overtime to resolve it, using all the tools in their arsenal — including their website?
  • How come my alma mater, Loyola University, hasn’t sent out an email blast to all of its alumni yet? My personal email address is registered with them, and they contact me frequently via direct mail as well. What role should the universities most affected by this breach play in alerting students? If I were on the university communications staff, I would do more than post a press release to the rotation that eventually leads — 4 clicks in — to this page.

We use many tools to monitor news of data breaches and laptop theft on behalf of our clients in the computer security industry. But you can always count on good old word-of-mouth networks to alert you of the news that affects you personally, before the story hits the headlines. Thanks, Mom. I’ll be keeping an eye on this (and calling Experian shortly).
