Pennsylvania Department Of Education Breach Exposes Teacher Personal Information

Author:Mr Alex R. D'Amico
Profession:Morrison Mahoney LLP

On February 23, 2018, the Pennsylvania Office of Administration (OA) announced that a security incident involving the Teacher Information Management System (TIMS) exposed the personal information of teachers. TIMS is an online platform used by educators in Pennsylvania. Current and prospective teachers can create and manage profiles to collate their certifications in education, and administrators use TIMS to review applicant credentials. According to the announcement, between 12:00 p.m. and 12:30 p.m. on February 22, 2018, users who logged into TIMS had access to teacher personal information, which may have included names and social security numbers. The announcement advised that the incident was the result of human error by an OA employee, and that, in response to the incident, the Pennsylvania Department of Education (PDE) and OA are taking steps including: investigating the scope of the incident, mailing letters to the affected individuals offering free credit monitoring services, reviewing internal procedures, and implementing changes to prevent similar incidents in the future.

The TIMS breach, along with the response, is instructive for three reasons. First, it serves as an important reminder that cyber risk is not exclusive to tech companies like PayPal and Uber. Indeed, the field of education, which necessarily involves the personal information of both students and professionals, faces cyber risk just like many industries in the corporate world....

To continue reading