The social security numbers and other personal information of almost 1.5 million current and former Missouri public school students are in jeopardy, according to a state audit released Wednesday.
The Missouri State Auditor did a cybersecurity audit of the Missouri Student Information System — the system is used by the Department of Elementary and Secondary Education (DESE) to track all school students in the state. As part of the data collection, all school districts in the state send students' social security numbers to DESE, which stores them in its system.
As a result of the audit, DESE will change that.
“DESE has agreed to only collect the information that is absolutely necessary for what they need in their data, to destroy unneeded sensitive data from their system and then maintain that data safely and securely,” says Missouri Auditor Nicole Galloway.
“We need to be proactive to be sure to limit the collection of that data if it’s not necessary and then be proactive in protecting it to make sure it doesn’t fall into the wrong hands,” she says.
DESE says it needed the social security numbers to determine eligibility for the A+ scholarship program.
The department says that is no longer necessary. In a news release, DESE said it agreed with all audit findings and some changes have already been made.
The audit also found that user names and passwords were shared by some DESE employees. The auditor says if there was a data breach, it would be "difficult, if not impossible, to identify the individual responsible."
In addition, DESE was criticized for not having "a comprehensive data breach response policy" that would allow a quick response to a data breach.
Despite the findings, Galloway gave the DESE student information system a good rating.