Security weaknesses in the Arizona Department of Education’s computer system are leaving teachers’ Social Security numbers and other private information vulnerable to hackers, the state Auditor General’s Office has concluded.
The agency’s report, being released today, said there is no evidence that the computer system has been compromised.
However, Auditor General Debbie Davenport said her staff found that personal information, like teacher names and birth dates, “could be viewed by individuals who have no right or need to access it.”
The Department of Education makes many of its applications accessible via the Internet so that schools can easily report information and access data.
Janice McGoldrick, the department’s chief information officer who oversees computer services, said virtually all of the problems the auditor has found already have been addressed — some of them even before auditors showed up.
For example, she said, the Department of Education had an “intrusion detection’’ system that would notify agency employees any time someone tried to break into the system.
But what was needed, she said, was “intrusion prevention’’ software to keep people from getting at the data in the first place.
McGoldrick acknowledged that some improvements remain to be done, including that the agency needs to have someone whose main job is to manage computer security.
She added that the patches already made need to be constantly checked.
“We have the continuous challenge to try to stay one step ahead of the hackers,’’ McGoldrick said.