DOE Press Office
(Weekend Media Contact - Joe.Follick@fldoe.org)
Florida Department of Education Warns Teacher Preparation Participants That Data May Have Been Accessed Without Authorization
~ No indication data has been used inappropriately ~
Tallahassee, Fla. (June 21, 2013) – Personal information of teacher preparation program participants was exposed on the Internet during a transfer of data between servers housed at Florida State University, the entity performing work under contract with the Florida Department of Education.
During the transfer in late May, FSU’s Florida Center for Interactive Media moved the data to a new server, but failed to enact security measures to restrict access to only authorized individuals.
For a period of 14 days, personal information of about 47,000 participants in Florida teacher preparation programs during academic years 2009-10 through 2011-12 was publically accessible. (Note: academic years include summer, fall and spring semesters, so the last participants affected by the breach were enrolled in spring 2012.) FDOE was made aware of the failure to properly secure the data on June 11 and immediately worked with university officials to close the access, clear all cached data files, and run security checks to ensure the information was only accessible by authorized users.
An initial investigation indicates the personal information may have been accessed 23 times via Google, which may have included unauthorized access. There is no indication the data has been used inappropriately. The university and the department are notifying through all possible means any individuals whose information may have been exposed.
“This is unacceptable. All Floridians deserve our unceasing protection of their personal information and must have confidence that it will never be exposed for the potential of illegal use,” said Commissioner of Education Tony Bennett. “I have ordered a top to bottom review of the security of every database and our staff is expediting the transfer of all confidential information into servers directly monitored and secured by the department.”
“The university takes the protection of personal information very seriously and took immediate action to remedy the situation,” said Liz Maryanski, FSU’s vice president for university relations. “We are working closely with the Department of Education to notify those affected and will continue to assist.”
In addition to contacting those that may have been affected, the department will have staff available Monday to assist anyone who may have been impacted. That number is 866-507-1109 and will be in operation Monday afternoon. The cost of ID protection will be provided for those affected.
While the incident is being investigated, program participants who suspect their Social Security number or other personal information may have been misused or that they may be the victim of identity theft should contact the Federal Trade Commission at www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Affected persons may also call their local sheriff’s office and file a police report of identity theft, keeping a copy of the police report.
To protect themselves from the possibility of identity theft, individuals are encouraged to place a free fraud alert on their credit files. A fraud alert notifies creditors to contact individuals before opening new accounts in their name. Call any one of the three major credit reporting agencies at the numbers below to place a fraud alert and receive letters from the agencies with instructions on how to receive a free copy of their credit report.
Experian – 1-888-397-3742
Equifax – 1-888-766-0008
TransUnion – 1-800-680-7289