Another data breach is making headlines, this time concerning tens of thousands of students in Florida and Virginia.
The New York Times reported the news Monday; the incident involved the Princeton Review, a test-preparatory firm, and a portion of its web site.
The Times reported that the firm ...
"... accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site, where they were available for seven weeks.
A flaw in configuring the site allowed anyone to type in a relatively simple Web address and have unfettered access to hundreds of files on the company's computer network, including educational materials and internal communications.
Another test-preparatory company said it stumbled on the files while doing competitive research. This company provided The New York Times with the Web address of the internal files on the condition that it not be named. The Times informed the Princeton Review of the problem on Monday, and the company promptly shut off access to that portion of its site."
To get some perspective on this latest data debacle, I talked to Charlotte Dunlap, a senior analyst covering Information Security at Enterprise Strategy Group. She's also my wife.
"This is the latest illustration of an ongoing problem where companies are causing breaches in security of people's privacy through the use of the Internet without proper use of security technology," Dunlap said. "It highlights an ongoing chain of similar events first brought to the public's attention through the T.J. Maxx incident."
(Between 2003 and 2006, T.J. Maxx was hit by hackers, who took the credit and debit card information of a "limited number" of customers, as Internetnews.com reported.)
Dunlap said the Princeton Review debacle also plays up the growing importance of emerging security technology such as data loss prevention (DLP). "This is why companies like Vontu fetched $350 million through an acquisition by Symantec," she said. Vontu is the leader in DLP technology.
A slew of other DLP providers have been snatched up by security and infrastructure companies over the last couple of years, including McAfee's recent acquisition of Reconnex.
"We'll begin to see integration of DLP technology into the network infrastructure as a result of increased legislation throughout the country which requires companies to notify customers of such breaches," Dunlap said. Clearly, companies are concerned about brand reputation following such breaches.
She said another thing driving DLP is the potential loss of intellectual property and the competitive advantage rivals receive when they get their hands on IP.
The Princeton Review incident should prompt companies to take stock of their own data protection strategies. Too often, it takes a train wreck like this one to get companies to change.