California College Breaches Call Attention to Importance of Better Security Education

Data breaches don’t always come from outside an enterprise’s walls, and they’re not always malicious. Some of the time — a lot of the time, in fact — the compromising of information results from an innocent employee error, and not some external source.

Still, whether a breach comes from without or within, deliberate or inadvertent, the message for the impacted organization is the same: Boost enterprise security to prevent something like that from happening again. After all, security is not just about installing defensive walls. It’s also about educating all employees of a company on the best practices when it comes to safe business computing.

For California Colleges, the Necessity of Employee Education is a Lesson Learned the Hard Way
If an employee accidentally leaks a trove of private company information, it’s not that individual worker who will be called to task — it’s the enterprise. And that’s exactly the way it should be, since the responsibility lies with company administrators to educate their entire staff on the importance of safety in computing.

Overlook one staffer when it comes to security education and you could end up with a major debacle — a situation two California colleges learned firsthand when employee error resulted in breached information.

According to eSecurity Planet, the two colleges — College of the Desert and Riverside Community College District — suffered the exposure of privileged information due to a mistake on the part of an employee. Unfortunately in the digital realm, it often happens that one seemingly small mistake leads too enormous consequences, and such was the case here, with a total of 37,000 records exposed between the two breaches.

RCCD, whose breach resulted in the vast majority of exposed records — more than 35,000 — sent out a notification letter in which interim chancellor Irving G. Hendrick said that the compromised data included highly privileged student information like identification numbers and Social Security numbers.

“At this time we don’t know if the external email account is active, but be assured that we are implementing safeguards to help prevent anyone from using your data,” he said.

In typical fashion of an organization acknowledging a breach, the RCCD is offering those impacted a year of credit monitoring. However, this option is unlikely to alleviate the sense of information insecurity that those affected will undoubtedly feel in light of the data compromise. In order to prevent situations like this from ever happening in the first place, all organizations must ensure not only strong security measures, but also the education of staffers about upholding that security.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.


Add to the Conversation