Virginia county school data accidentally posted online

Share this article:

An undisclosed number of Loudoun County Public Schools (LCPS) students and staffers in Virginia may have had personal information compromised after their data was accidentally posted publicly online.

How many victims? Undisclosed, but LCPS served about 60,000 students in 2013 and employs thousands of staff and faculty. 

What type of personal information? Names, addresses, telephone numbers, dates of birth, places of birth, dates of attendance and student schedules. 

What happened? Following some tests, links to the information were accidentally made available online by employees with Risk Solutions International (RSI) – a company that maintains an emergency management website for LCPS.

What was the response? The information was taken down. LCPS Department of Technology Services staff went through each link to determine its content. RSI worked with service-engine providers to remove accessed documents that were cached during the incident.

Details: The information is typically password-protected, but 1,286 links with information on all 84 LCPS schools were made available. RSI employees engaged in technical testing on Nov. 4, 2013, Dec. 19, 2013, and Dec. 24, 2013. The exact date the information was made publicly available is unknown, but LCPS was made aware of the incident on Jan. 2. Exactly how many links were viewed is unknown. The cached documents were removed as of Jan. 8.

Quote: “The website was not forcibly entered,” according to a post on the LCPS website. “The website never lost its password security.”

Source: loudoun.k12.va.us, “Further Information on Risk Solutions International Website Issues,” Jan. 8, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.