Nearly 23,000 students and faculty at the largest school district in San Antonio may have had their personal information compromised in a data breach that occurred last summer, according to a district official.
Northside Independent School District officials realized just a month ago how extensive the Aug. 12 cyberattack was, Executive Director of Communications Barry Perez told EdScoop. There is an ongoing investigation into the incident, he said.
“We discovered that individual or individuals had gained access to the email accounts of several of our employees,” Perez said. “We began to realize that if someone gets access to employees’ email accounts, what else then would they have access to?”
He added, “We’re trying to mitigate that access.”
District Superintendent Brian Woods sent out letters on Dec. 31 to nearly 23,000 current and former students and faculty members who may have been affected by the breach. The district serves roughly 100,000 students in grades K-12 and employs nearly 13,000 staff members.
Perez said the district hired a computer forensics team that found personally identifiable information like names, birthdays and social security numbers in the compromised emails.
“We realized the scope might be bigger,” he said, adding that investigators combed through “hundreds of thousands of emails” to ascertain how much information was exposed.
Perez said the district is also offering free identity-monitoring from the firm Kroll for a year for the people whose data may have been compromised. The hack was reported to the FBI.
So far, the district does not have any concrete leads as to who the hacker or hackers might be.
“We don’t know who did this,” Perez said. “We don’t have the identity of the individual
or individuals responsible for this.”
He said that no other online district platform was affected, including the grading management system. The hack has proved to be a learning experience for the school community, and staffers and students are getting a crash course in how to safeguard their email and other online accounts.
“Some basic things we started right away to reteach was to make sure your passwords are secure, and you change your passwords on a routine basis,” Perez said.
He also said people should be aware of emails with suspect attachments that could expose computers to viruses or worse. “We want to make sure those things are reinforced with our staff,” he said.
For now, the computer forensics team is monitoring the district’s systems.
“We have stressed to our staff some of those good skills we want them to be mindful of,” Perez said. “We are being diligent and making sure if their names were mentioned, we want to support them and give them as much guidance to monitor their identities.”