Hopkins County School affected by a data breach

Hopkins County School has suffered from a data breach, when an unidentified user has compromised the password-protected Infinite Campus account of a board staff member of the school and then gained access to the database containing students' personal information. According to the school officials, the database contained personal information like names, Social Security numbers, and dates of birth of around 7000 students.

The incident occurred on June 4, 2019. Upon learning about the incident on June 5, 2019, the school officials responded promptly by taking down that database, however the database remain accessible to the unauthorized third-party for almost 20 hours. The Hopkins County schoolchildren's parents received a message from school board on the morning of June 6, 2019, that alerted them about the data security breach.

Although at present there is no evidence that students' personal information was obtained by the unauthorized user, the officials of school board cannot say for sure that the information has not been accessed. However, still an extensive investigation is going on.

"We do not believe that this was a malicious attack. We do not believe it's like something you hear on the news about a Russian hacker getting a list of Social Security numbers. We believe it was something local. It could have been a joke. It could have been something very minor," Drew Taylor, CIO (Chief Information Officer) of Hopkins County School said.

The school has notified the Kentucky State Police, Kentucky Department of Education, and the attorney general of the state about this incident. Moreover, the education institution has filled a proper form as per state-standard protocol.

The parents are being recommended by Hopkins County School to remain alert as well as monitor their credit scores in parent portal. The school is also planning to provide appropriate training for their staff on password-protection.

Taylor said that "at this point, it's more of training and using this as a positive opportunity to train and help people learn the severity and consequences. It's a lesson in keeping passwords private and secure, which is something we've always done. It's just now we have a case to refer to and say, 'Hey, this can happen. Please be aware'".

» SPAMfighter News - 6/27/2019