Nathaniel Beers, chief of specialized instruction with the District of Columbia Public Schools (DCPS), issued a statement on Tuesday regarding the public being able to access an internal website that stored a variety of data, including special education student information.
How many victims? Undisclosed.
What type of personal information? Training materials for DCPS staff related to special education cases. The training materials contained some student information, as well as login information to a database regarding the District's special education students.
What happened? An internal DCPS website that stored the information was accessible to the public.
What was the response? DCPS immediately shut down the internal website and the Office of the State Superintendent of Education changed the login information to the database. DCPS is conducting a review of its security practices. A notification was posted to the DCPS website.
Details: The internal website was launched in 2010. BuzzFeed News reported on Tuesday that the internal website was shut down on Monday following a BuzzFeed News inquiry. The report indicates that hundreds of documents were accessible, and that the data included an assortment of credentials, teacher and employee email addresses and workplace information, and more. According to the report, DCPS acknowledged that the public had been able to access the internal website since it launched in 2010.
According to a statement emailed to SCMagazine.com on Wednesday, an investigation is ongoing into the full scope and potential impact of this situation. The statement explains that officials are investigating if there has been unauthorized access to the Blackman Jones database. According to the DCPS website, the Blackman Jones database “helps both DC Public Schools and the Office of the State Superintendent of Education respond to and resolve special education due process complaints, hearing officer determinations and settlement agreements.”
“DCPS is in the process of notifying families that may have been affected and has released a hotline number that families can call with questions,” according to the statement.
Quote: “There is currently no evidence that data was compromised,” Beers wrote. “Accessing this information without explicit permission is illegal.”
Source: dcps.dc.gov, “Notice for UMass Memorial Medical Group Patients Regarding Former Employee Incident,” Feb. 3, 2015; buzzfeed.com, “D.C. Public Schools Website Exposed Confidential Info About Students With Disabilities,” Feb. 3, 2015; a DCPS statement emailed to SCMagazine.com on Wednesday.