A reader passes this May 2014 story along from SC Magazine reporter Adam Greenberg:
About 6,500 current and former employees of the American Institutes for Research (AIR) may have had unencrypted information – including Social Security numbers and payment card information – compromised after unauthorized access was gained to one of the organization’s servers.
How many victims? About 6,500.
What type of personal information? Social Security numbers and payment card information is among the unencrypted data that was compromised.
What happened? Unauthorized access was gained to an AIR server that contained the information.
What was the response? AIR brought on a digital forensics firm to carry out an investigation. All impacted employees are being notified and offered a free year of credit monitoring services.
Details: AIR learned of the incident on May 12. Notification letters are dated May 14. The breach impacted business systems, and student and client information was not affected.
Quote: “At this point, we have no evidence that any information was accessed or misused,” according to a notification letter from David Myers, president and CEO of AIR, obtained by Education Week.
So AIR went through with Florida’s testing knowing they’d already been compromised. Was Pam Stewart or anyone at the FLDOE aware of AIR’s previous hack? Why wasn’t AIR able to protect it servers? Have Florida’s public school children become collateral damage in some sort of corporate warfare?