QUESTION
What was the timeline for notifying the Office of Technology and Innovation (OTI) about the data breach vulnerability?
1:57:38
·
52 sec
The Chief Information Security Officer explains that it took approximately 60-90 days from when the global community became aware of the vulnerability to when OTI received a full accounting of the affected data elements and impacted victims from the Department of Education.
- It was around 60-90 days from identifying there was a vulnerability that could lead to a data disclosure
- This 60-90 day period was the time between the initial awareness of the vulnerability and OTI receiving details on what data was impacted and who the victims were
- The timeline covers the period from globally identifying the vulnerability existed to OTI being notified of specifics by the DoE and city's discovery team
Jennifer GutiƩrrez
1:57:38
And what can you share about the the timeline, though?
1:57:41
How how soon after was OTI notified and, like, what was the lapse of time between when you were made aware and then
Kelly Moan
1:57:53
be So if I'm remembering correctly, it was I want to say roughly between 60 90 days from all 68 days.
1:58:03
60 to 90 days from the determination that there was a disclosure of the vulnerability.
1:58:09
Right?
1:58:10
Not a fix, but the global community identified and were made aware that there was a vulnerability to a full accounting from the DOE and our knee discovery team of the relevant victims and those notifications being shared.
1:58:28
With what data elements were then impacted.
