Virginia county school data accidentally posted online

Share this article:

An undisclosed number of Loudoun County Public Schools (LCPS) students and staffers in Virginia may have had personal information compromised after their data was accidentally posted publicly online.

How many victims? Undisclosed, but LCPS served about 60,000 students in 2013 and employs thousands of staff and faculty. 

What type of personal information? Names, addresses, telephone numbers, dates of birth, places of birth, dates of attendance and student schedules. 

What happened? Following some tests, links to the information were accidentally made available online by employees with Risk Solutions International (RSI) – a company that maintains an emergency management website for LCPS.

What was the response? The information was taken down. LCPS Department of Technology Services staff went through each link to determine its content. RSI worked with service-engine providers to remove accessed documents that were cached during the incident.

Details: The information is typically password-protected, but 1,286 links with information on all 84 LCPS schools were made available. RSI employees engaged in technical testing on Nov. 4, 2013, Dec. 19, 2013, and Dec. 24, 2013. The exact date the information was made publicly available is unknown, but LCPS was made aware of the incident on Jan. 2. Exactly how many links were viewed is unknown. The cached documents were removed as of Jan. 8.

Quote: “The website was not forcibly entered,” according to a post on the LCPS website. “The website never lost its password security.”

Source: loudoun.k12.va.us, “Further Information on Risk Solutions International Website Issues,” Jan. 8, 2014.

Share this article:

Sign up to our newsletters

POLL

More in The Data Breach Blog

Thousands had data on computers stolen from California medical office

Bay Area Pain Medical Associates notified about 2,780 patients that their data was on computers stolen from its California offices.

Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

About 1,700 people in the Dominion Resources employee wellness program have been notified that their data was accessed in a breach.

Document posted to California city website, employee data accessed

In California, a document posted to the City of Encinitas website contained data on hundreds of current and former city staffers.