Breach, Data Security

Virginia county school data accidentally posted online

An undisclosed number of Loudoun County Public Schools (LCPS) students and staffers in Virginia may have had personal information compromised after their data was accidentally posted publicly online.

How many victims? Undisclosed, but LCPS served about 60,000 students in 2013 and employs thousands of staff and faculty. 

What type of personal information? Names, addresses, telephone numbers, dates of birth, places of birth, dates of attendance and student schedules. 

What happened? Following some tests, links to the information were accidentally made available online by employees with Risk Solutions International (RSI) – a company that maintains an emergency management website for LCPS.

What was the response? The information was taken down. LCPS Department of Technology Services staff went through each link to determine its content. RSI worked with service-engine providers to remove accessed documents that were cached during the incident.

Details: The information is typically password-protected, but 1,286 links with information on all 84 LCPS schools were made available. RSI employees engaged in technical testing on Nov. 4, 2013, Dec. 19, 2013, and Dec. 24, 2013. The exact date the information was made publicly available is unknown, but LCPS was made aware of the incident on Jan. 2. Exactly how many links were viewed is unknown. The cached documents were removed as of Jan. 8.

Quote: “The website was not forcibly entered,” according to a post on the LCPS website. “The website never lost its password security.”

Source: loudoun.k12.va.us, “Further Information on Risk Solutions International Website Issues,” Jan. 8, 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.