Dallas School District Reveals Major Data Breach
One of America’s largest school districts has informed students, alumni, parents and employees that personal data from the past 11 years was exposed after a third-party gained unauthorized access to it.
The Dallas Independent School District (ISD) claims to serve 145,000 students in 230 schools across the region and boasts 22,000 employees.
However, it revealed last Friday that it was notified about a data security incident on August 8. Although the district is still working out which data was exposed for each victim, students, employees and contractors between 2010 and the present were likely affected.
“An unauthorized third party accessed our network, downloaded data, and temporarily stored it on an encrypted cloud storage site. The data have since been removed from the site,” it noted.
“To date, our cybersecurity experts have found no evidence indicating the data was otherwise accessed, disseminated, or sold. However, we cannot be 100% sure until our ongoing investigation is complete.”
The breached data includes full names, addresses, phone and social security numbers, dates of birth and employment and salary info for current and former employees and contractors.
For current and former students, it includes full names, social security numbers, dates of birth, parent and guardian info and grades. According to the alert, some students’ custody status and medical conditions may also have been exposed.
The district is offering 12 months of credit monitoring and ID theft recovery services and said it is continuing to investigate and remediate the incident. However, it’s still unclear what the attacker’s motives were.
“We confirmed that the unauthorized third party removed the data from the encrypted cloud storage site and has informed us the data was not disseminated or sold to anyone,” Dallas ISD claimed.
It’s also not clear how the attacker managed to access the electronic records, although the district claimed that its IT team had been working with forensic experts to fix “specific vulnerabilities that were exploited during this event.”