The latest in the Montclair Schools assessment leak investigation, including breaking news of New Jersey’s OFAC coming in to conduct an investigation:
Township Council Allows its Director of IT to Review Server
In a Montclair municipal memo dated December 29, 2013, sent to members of the Township Council, Town Manager Marc Dashield shares answers from the Director of Information Technology for the Township of Montclair, Joseph Fagliarone, regarding the security of the network server shared between the township and the Montclair School district. According to Fagliarione, “It was determined that no hacking or successful intrusion into our network from the point of entry ‘Firewall’ was found.”
Fagliarione goes on to state “However it was noticed that the folder permissions where the “leaked” files were stored had the wrong permissions. This setting allowed anyone to be able to access the files from the internet.”
The Board of Education launched an investigation on November 1 to determine how 14 of 60 assessments were publicly posted online. When the board asked permission from the municipal council to allow an IT forensic review of the shared server, the council denied the request. However, they allowed their Director of IT to have access to the district’s data on the server, and it seems they did so without permission.
Barista Kids asked Superintendent Dr. MacCormack who was the person responsible for managing those folder permissions. She wouldn’t answer, saying that the question is part of the investigation.
Board President Robin Kulwin says that this memo was never sent to, nor discussed with, her and the Board. She didn’t know of it until it was passed along to her on Monday. It was also brought to her attention that the group Montclair Cares About Schools had posted the letter on its public Facebook page Sunday, January 5. “If we’re all working on this together, why wasn’t this not shared with us?” she questions. She also questions why the Council did the very thing that it denied the Board permission to do.
Kulwin also says the board never thought the system was hacked, but rather was investigating an unauthorized release. She says access to the server is needed as part of the IT review to look into IP addresses and emails to see if the assessments were released.
Barista Kids reached out to Township Manager Dashield, as well as all the council members, early yesterday morning with questions on why they allowed their IT person to access district data on the shared server while they deny the board the same right, why they didn’t share the findings with the Board, and how Montclair Cares About Schools received the memo. We haven’t received one response.
When Barista Kids asked the PR person for Montclair Cares About Schools how they received the memo, she didn’t answer, but responded that she was “completely confused and surprised by that question” because she felt, “it is so unrelated to the issue of concern to the public, which is the new information contained in the memo. That is the germane thing here and as I expect you’ve noticed other media seem to see it that way as well.”
Office of Fiscal Accountability and Compliance (OFAC) Comes in to Conduct Investigation
The Board put out the following press release late Tuesday night:
The New Jersey Department of Education today informed the Montclair Board of Education that the Office of Fiscal Accountability and Compliance (“OFAC”) will conduct an investigation into a potential data security breach related to the unauthorized release of proprietary and confidential assessments belonging to the Montclair Board of Education. OFAC was one of several government agencies that the Montclair Board of Education contacted soon after learning of the unauthorized release of certain of its assessments.
The Board intends to support fully OFAC’s efforts and will schedule a meeting of the Board as soon as practical to discuss suspending its own investigation. The Board will continue to provide any and all support requested by OFAC.
In response to OFAC’s involvement, Board President Robin Kulwin stated, “I’m very pleased that OFAC has decided to conduct its own investigation related to the district’s computer systems. I reached out to the Department of Education shortly after learning of the assessment release. I’m confident that OFAC’s investigation will enable the Board and the Montclair community to obtain a detailed understanding of the events leading to the unauthorized release of our assessments. More importantly, OFAC’s involvement will enable the Board to shift its focus back to its primary mission of governing the public schools.”