Morning Security Brief: Oregon High School Shooting Aftermath, Restaurant Chain Payment Data Breach, Roadway Sign Hacking

By Ann Longmore-Etheridge

►In the aftermath of yesterday's shooting at Reynolds High School in Troutdale, Oregon, the inevitable spotlight is being shown on security in place at that school, where a gunman entered and killed one student and wounded an employee. The Oregonian reports that Troutdale Police Chief Scott Anderson told the media that two school resource officers were to be credited for saving many lives by their quick response. However, The Oregonian notes that the school had multiple buildings with multiple entrances, no checkpoints for visitors, and that "a visitor entering the main classroom building from the side parking lot walks right into a large common area where students gather throughout the day." Training had been undertaken, however, on the Standard Response Protocol system, which focuses on "four options for how to respond to a real or perceived crisis -- either by providing shelter, evacuating students, locking a building to outsiders or locking down a campus." This training is reported to have been used successfully during the gunman's assault. The newspaper also points out that yesterday's violence was the 74th shooting at an American school campus since the massacre at Sandy Hook Elementary in 2012.

►U.S. restaurant chain P. F. Chang's China Bistro is investigating a data breach involving consumer payment account details. The breach was noticed when the credit and debit card details were found on sale at, a known vendor of stolen customer account data. According to KrebsonSecurity, "Several banks contacted...said they acquired...multiple cards that were previously issued to customers, and found that all had been used at P. F. Chang’s locations between the beginning of March 2014 and May 19, 2014. Contacted about the banks’ claims, the Scottsdale, Arizona-based restaurant chain said it has not yet been able to confirm a card breach, but that the company “has been in communications with law enforcement authorities and banks to investigate the source.”

►Slate reports on the hacking of roadway signs to put up usually lighthearted messages like "Godzilla Attack!" The U.S Department of Homeland Security's Systems Cyber Emergency Response Team sent out an alert to its contractors who use digital signs by Daktronics that hackers were gaining access because the passwords that control the sign systems were posted online. The alert told users of the signs to "take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet; locate system networks and devices behind firewalls, and isolate them from the business network; and when remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices."


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.