K-12

Arlington Public Schools data breach compromises staff info

The data breach at APS affected sensitive information, including employee tax data.

April 28, 2016

Arlington Public Schools has been the victim of a data breach that compromised sensitive employee information, including tax data, according to an assistant superintendent.

About 28 district employees and their W-2 tax forms were first affected by the breach, according to ARLnow, which reported the initial attack last week. The scope of the breach widened this week, when officials sent a letter to staff that 40 more employees had been impacted.

APS officials said an unknown party logged into the district’s secure data system, STARS, as an employee.

“To do this, we believe the perpetrator(s) obtained the personally identifiable
information for some APS employees from an unknown source,” officials wrote to employees. “The information was then used by the perpetrator(s) to
perform a “self-service password reset” for the individual APS employee’s STARS account, giving that party access to the
employee’s information.”

Officials said they are taking extra precautions to ensure that another breach does not happen, and have notified the FBI and Virginia attorney general’s office.

The district also contracted with AT&T’s cybersecurity unit to assist in the investigation and “perform a complete threat assessment for all of our APS systems,” according to a letter. Officials told employees in an email that they changed the STARS password for all the accounts, and disabled the “self-service password reset” feature, putting in an extra step to reset the codes.

Another expert pulled into the investigation is Naren Kodali, a professor of Information Security at George Mason University.

“With the help of the outside organizations and experts that we have hired, our entire team in the Department of Information Services continues to focus on the ongoing investigation,” they wrote to employees.

Linda Erdos, assistant superintendent for school and community relations, said in an email that administrators are keeping their employees in the loop about the ongoing investigation.

Companies like VMware are ramping up their K-12 cybersecurity services, with officials warning that breaches and identity thefts are occurring more frequently in schools.

This report has been updated to include more information from Assistant Superintendent Linda Erdos.

Reach the reporter at corinne.lestch@edscoop.com and follow her on Twitter @clestch and @edscoop_news.

Arlington Public Schools data breach compromises staff info

More Like This

North Carolina university adds maritime specialization to cyber program

Cal Poly to launch cybersecurity workforce development initiative

University of South Florida preparing new college for AI, cybersecurity

More Scoops

University students sue ticketing platform over data breach

Malware delayed semester start at Alabama community college

Students steal district data to gain edge in ‘Senior Water Games’

Congress considers bills on student privacy, workforce, school security and STEM diversity research

Hackers steal admissions data from three colleges, offer sale to prospective students

Hacked Georgia school district thwarts attempt to steal payroll funds

Five reasons schools need to address cybersecurity now

Latest Podcasts

Arlington Public Schools data breach compromises staff info

CIO Matt Gunkel on how gen AI is transforming UC Riverside

Finding the right place for generative AI in the classroom

New REN-ISAC director wants to build ‘trust community’

Higher Education

K-12

Cybersecurity

Hybrid Learning