A school in Woodbridge, Virginia, held a meeting with parents last night to discuss the loss of a USB flash drive containing personal information about students.
Lake Ridge Middle School posted an advisory on its website explaining that the USB drive was used by school administrators “to contact parents in the event of an emergency occurring after school hours or under circumstances where the school building might become inaccessible or require evacuation.”
The contents of the lost USB drive included the students’ id number, their name, the name of their parent or guardian, phone numbers and other data.
Hardly the kind of information that you would want to fall into the wrong hands and – one must assume as it’s not mentioned – it appears that the data on the drive was not encrypted.
The school meeting heard that the USB drive was stolen last week following a theft from an unnamed school official’s car.
Jo Fitzgerald, the school’s principal, apologised for the security lapse on behalf of the school’s board.
Of course, this is far from the first time that USB sticks have been lost containing sensitive information about children, but when will schools and educational establishments wake up to the importance of properly securing this kind of data?
Aside from the issue of whether such sensitive data should be left unattended in a car anyway, why isn’t encryption being used as a matter of course to ensure that – even if the information does fall into the wrong hands – it can’t be deciphered?