Students' personal data exposed after USB drive stolen

Filed Under: Data loss

Lake Ridge Middle School Logo
A school in Woodbridge, Virginia, held a meeting with parents last night to discuss the loss of a USB flash drive containing personal information about students.

Lake Ridge Middle School posted an advisory on its website explaining that the USB drive was used by by school administrators "to contact parents in the event of an emergency occurring after school hours or under circumstances where the school building might become inaccessible or require evacuation."

The contents of the lost USB drive included the students' id number, their name, the name of their parent or guardian, phone numbers and other data.

Hardly the kind of information that you would want to fall into the wrong hands and - one must assume as it's not mentioned - it appears that the data on the drive was not encrypted.

School's warning about lost data on USB stick

The school meeting heard that the USB drive was stolen last week following a theft from an unnamed school official's car.

Jo Fitzgerald, the school's principal, apologised for the security lapse on behalf of the school's board.

Of course, this is far from the first time that USB sticks have been lost containing sensitive information about children, but when will schools and educational establishments wake up to the importance of properly securing this kind of data?

Aside from the issue of whether such sensitive data should be left unattended in a car anyway, why isn't encryption being used as a matter of course to ensure that - even if the information does fall into the wrong hands - it can't be deciphered?

By the way, if you're looking for general tips to keep students and staff safe online, check out our newly-released K-12 security toolkit.

,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.