Missouri’s Office of Administration Information Technology Services Division (OA-ITSD) and the Department of Environmental Quality (DESE) will send letters to those who have been affected, informing them that their personally identifiable information “may have been compromised during a recent data vulnerability incident.”
Last month, the event made national headlines when the state’s governor used it to attack The St. Louis Post-Dispatch. Josh Renaud, a newspaper writer, uncovered a weakness in the certification database that exposed instructor data, alerted the DESE, and waited for them to repair it before publishing his storey.
Governor Mike Parson of Missouri, on the other hand, claimed Renaud “hacked” the database himself and threatened Renaud with legal action. Parson has used the incident to fundraise for himself, bringing in about $85,000 thanks to an ominous video doubling down on the hacking accusations, according to the Post-Dispatch. Since being mocked by cybersecurity professionals — and even members of his own party — Parson has used the incident to fundraise for himself, bringing in about $85,000 thanks to an ominous video doubling down on the hacking accusations.
However, DESE authorities and members of the OA-ITSD apologised to the instructors whose data was leaked this week and offered 12 months of credit and identity theft monitoring through IDX.
“I am unaware of any misuse of individual information or if information was obtained unlawfully outside of an isolated occurrence,” the state alleges. Officials said they intended to provide teachers with some protection “out of an excess of caution.”
According to DESE, Renaud claimed he was able to examine the social security numbers of some teachers “via a multi-step method” that included obtaining the certification records of at least three educators and then “decoding that data” using the encoded source data from that webpage.
“The state will pay about $800,000 for the services provided by IDX. The state was able to take advantage of a multi-state contract with this vendor, lowering the cost of credit and identity theft monitoring services dramatically.”
During a press conference, Parson claimed that the incident would cost the state $50 million, rather than the $800,000 that is already being spent. Despite the mockery Parson received from cybersecurity experts, the issue is still being investigated by the Missouri Highway Patrol.