The personal information of thousands may have been compromised by a security breach in San Antonio’s largest school district, only it happened in August and the affected students and staffers are first learning about it now.
Northside Independent School District Superintendent Brian Woods sent letters in late December to roughly 23,000 former and current students plus employees about a hack that might have put their personal online data at risk, KSAT reported. In the correspondence, Woods wrote the district “immediately took steps to secure the email accounts and launched an investigation to determine whether any sensitive information was accessed or acquired.” He also stated that Northside ISD reported the incident to the proper law enforcement agencies.
While Woods acknowledged that district officials had no evidence or reason to believe hackers obtained any personally identifiable information of any students or staff members, access to the data in the emails “could not be ruled out.”
On Wednesday, Northside ISD spokesman Barry Perez said the district discovered someone hacked into several employee email accounts on August 12. He explained an internal investigation later revealed the breach might be more widespread.
“So we secured the services of an outside computer forensic investigator who came in and had to go through hundreds of thousands of emails,” Perez said.
Also, he told KSAT that school district officials confirmed there had been a larger breach, which “could include names, could certainly include addresses, could certainly include maybe dates of birth.” He underscored that letters were only sent to those individuals whose personal information may have been jeopardized. Perez advised any people who believe they were incorrectly omitted from receiving the letter to contact the school district.
To date, no suspicious evidence surfaced to suggest any of the breached data was used by a hacker for any illegal activity. However, Perez said the district encourages everyone who received a letter to remain vigilant and closely monitor all accounts and bank statements, and report any unusual or fraudulent activity to their financial institutions immediately. Northside ISD will provide one year’s worth of free professional credit monitoring to all of the 23,000 individuals.
WOAI questioned Perez why it took so long for the school district to contact the thousands of employees and families of minors whose personal information may have been threatened. He responded: “Our intention was not to keep people uninformed, our intention was to determine the scope of the breach and to make sure we inform those individuals, it was just a time consuming process.”
Although the cyber-scare appears to be over, Perez said the forensics team still monitors the situation. Today, protecting the personally identifiable information of students has become a sensitive topic as K-12 schools rely increasingly on technology to collect student data, use the cloud for online storage, plus for apps, software, learning programs, and web-based testing. Schools can be a gold mine for cybercriminals, hackers, pedophiles, and other nefarious characters floating around on the dark web.
Over 2015 and 2016, breached K-12 information included Social Security numbers, birth dates, medical information, school system usernames, passwords, names, addresses, email addresses, phone numbers, student ID’s, and parent names, according to Privacy Rights Clearinghouse. In April, the W-2 tax forms of 40 public school staffers in Arlington, Washington was compromised.
Follow Merrill Hope, a member of the original Breitbart Texas team, on Twitter.