Hey, there! Log in / Register

Oopsies: Boston Public Schools to change ID cards for 21,000 students after ID-card vendor loses thumb drive with the data

Story corrected to reflect fact BPS is changing the design of the cards, not the actual ID numbers, well, except for the CharlieCard part of the card.

BPS officials were forced to scramble over the weekend when they learned the company about to print up 21,000 student IDs lost a flash drive with basic student ID information.

The loss means BPS will come up with new OneCard ID cards for the students, to be printed by the vendor, Plastic Card Systems of Northboro:

None of the information contained on the drive can be used by an unauthorized person to access student records or log-in to any electronic systems. The sticker image data on the drive is limited to student names, school, age, grade, ID number, library card number, CharlieCard number and for about two-thirds of the cards, a photo. The drive did not contain any confidential student contact information, such as a home address, phone number, social security number or birth date.

The drive lost by the vendor contains .pdf images that are used to print 21,054 student ID badges for students across 36 schools – which include high schools and some middle schools that span grades 6-12. Elementary schools, K-8 schools and stand-alone middle schools are not affected. Plastic Card Systems reported the company could not find the drive after picking it up from BPS on Friday afternoon. Searches Friday night and over the weekend were not successful.

BPS adds that incoming students who were going to get new BPL library cards will be getting even newer cards. Students who already had BPL cards aren't affected by the loss, since they should all have their own unique PINs, BPS says.

More info from BPS.

Neighborhoods: 
Free tagging: 


Ad:


Like the job UHub is doing? Consider a contribution. Thanks!

Comments

BPS. First robocall of the season. Hope it's the last one about a screwup but I kind of doubt it.

up
Voting closed 0

A decent password and encryption of the drive would have saved an immense amount of time, trouble, and expense. Shame on BPS for not having any safeguard while naming the vendor who allegedly misplaced the flash.

up
Voting closed 0

you mean shame on the vendor for not using encrypted drives, BPS has no control over their security practices.

up
Voting closed 0

When BPS has physical possession of their data in a secure location, all is well and good. The vendor should also have physical security at their location. When sensitive data travels between the two and not 100% secure, either on media or over the Internet, it ought to be encrypted. It ought to be encrypted when stored and not actively used in general. For example HDMI digital video signals are encrypted while transmitted. HTTP data is encrypted.

If BPS was able to learn from others, it would have a solid security policy that did not allow insecure transmission of sensitive data.

up
Voting closed 0

Didn't we learn anything from Edward Snowden? Encryption!

up
Voting closed 0

I don't think their response is even close to being enough.

BPL Cards can have PINs associated with them, but they are only used for electronic resources, not regular borrowing - why are these numbers not being changed?

I don't see anywhere that is saying they are changing the BPS ID numbers. These absolutely need to be changed.

They are however changing the MBTA info for everyone- makes me think they are more concerned about the possibility of fake t passes than they are about student privacy and safety.

They also need a better safe guard for accessing student information than ID number and parent name, address or birthday. Maybe last 4 of a social would be better? Or hell, let parents set up a PIN in SIS that we can use to verify identity and change when we want.

up
Voting closed 0

You're right about the numbers, so I've changed the post to reflect what BPS said (with the proviso that the CharlieCard numbers, which are baked into the cards, are being changed).

up
Voting closed 0

Which just makes changing the CharlieCard number even weirder, they didn't say anything about the 21,000 Charlie Cards being lost...

up
Voting closed 0

The cards were not lost. It was a flash drive that contained information for the Charlie cards.

up
Voting closed 0

You ought to have wriitten out Boston Public Schools once for us dummies who don't know automatically know what BPS means, even though it ended up being as easy as one, two three to figure out. Thank you.

up
Voting closed 0

Thanks.

up
Voting closed 0