Within the space of a single week, the Indiana Department of Education was recently hacked twice although a spokesman for the Department has indicated that the vulnerability that enabled the attacks has been patched.  The Department said that no personal information of Indiana students was compromised in the attacks, saying that this information was kept on different servers than the one that operated the Department’s website.  Both attacks were claimed to be the work of a group calling itself the Nigeria Cyber Army, which boasted of the hacking on the Department’s website.  What makes this particular hacking noteworthy is that the vulnerability exploited in order to achieve the hacking was a flaw in Drupal content management software used by a billion websites around the world.  I told you about the Drupal security flaw in my Scam of the day for November 3rd.  Drupal warned its customers in late October of the flaw and urged its users to download the necessary security patch.  It was estimated by Drupal that around twelve million websites failed to install the security patch in a timely fashion.  It appears that the Indiana Department of Homeland Security was one of them.


So what does this mean to you and me?

First of all it is a reminder that our personal information is only as secure as the places holding our personal information with the worst security.  The second thing to remember is that when security flaws are discovered and security patches issued, companies and individuals should download and install the necessary security patches as soon as possible.  It is for this reason that I regularly provide you with the latest security patches as issued by the Department of Homeland Security.  Scammers and identity thieves count on companies, governments and individuals not promptly updating their software and take advantage of this delay to the detriment of all of us.