Information security issues at Virginia Department of Education being addressed

ROANOKE (WSLS 10) –  A WSLS 10 investigation leads to new information on Friday.

We first told you Thursday about personal information, including data on students and teachers, at possible risk. It’s being stored by the Virginia Department of Education (DOE) and it’s not secure according to an audit released this week.

The Virginia Department of Education was notified Friday that all 13 computer servers that needed to be upgraded were installed as of Friday morning. This is weeks ahead of what they were planning on and weeks ahead of what they told WSLS 10 when we started asking questions this week.

The Virginia Auditor of Public Accounts (APA) said software and hardware needed to be upgraded to keep personal information protected.  The outdated servers have names, addresses and social security numbers of Virginia teachers and anyone who has a Virginia teaching license.  Student data, such as names and some addresses is also not secure according to the audit report.

The report says “Education does not upgrade certain IT software… which increases the risk that a malicious attacker will exploit these vulnerabilities, leading to a data breach.”

“Because these are classified these are ‘material weaknesses’ they are concerning,” said George Strudgeon, Audit Director with the Auditor of Public Accounts (APA). “They are fairly rare in audits.”

Strudgeon said data security issues were pointed out in previous audits and the DOE hired an information security officer to oversee plans, but there has not been a significant improvement in security. He said the APA was anticipating an improvement for but that has not happened.

“Information is always at risk, that’s the nature of information security. The report is specifically addressing our current environment in a point of time,” said Brian Gibbs-Wilson, Virginia Department of Education Chief Information Security Officer when we asked him about the audit report.

As of Friday morning, all servers have been installed and are now being tested. The Department of Education said this now puts them on track to meet the deadline of having the new hardware and software updated by April 1.

The DOE wants to assure everyone the department has not had a breach in security.

WSLS 10 may allow you to upload, post, transmit or otherwise provide content to WSLS 10, including, but not limited to, photos, video, audio, comments, articles, blogs, forums and any other such communication in which you provide content to the Web site ("User Content"). You agree that you are solely responsible for your communications and any content you provide. Read full terms and conditions of use by clicking here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s