Dallas ISD experiences Data Breach
The Dallas Independent School District (DISD) experienced a data breach that affected its students, alumni, parents, and district employees. The district stated on its website that an unknown person took data from their server and then saved it on an encrypted cloud storage site.
According to the district, the data has been removed from that location, but there is no indication of it being accessed, shared, or sold for any purpose. Confirmation of the same can only be made after a forensic analysis is complete.
Also Read: University of Kentucky Data Breach
They identified the attack in August and informed law enforcement agencies while simultaneously working to verify the extent of information exposed and the basis of the attack.
As per the district, the downloaded data includes names, SSNs, telephone numbers, addresses, and DOBs of students, employees, and contractors linked to them since 2010. It added further that student’s subgroups of data were also accessed, which includes parent/guarding contact info, their grades, custody details, and medical history.
The district considers the confidentiality, privacy, and safety of information, their utmost priority. They believe this matter to be of extreme importance and so have devoted significant resources to safeguard sensitive data. It further added that they are putting in a lot of effort, but still, the district comes on the list of public and private organizations experiencing cyberattacks.
The DISD also claimed that their Information Technology team, with the help of forensic consultants, looked into the vulnerabilities that, according to them, were exploited in the attack.
DISD also expressed regrets for any inconvenience caused by the incident and considers it to be their responsibility to update the public that measures are being taken to inform individuals whose records have been affected. It added that they are committed to transparency and will share any additional information as and when needed.
Moreover, in order to assist with managing the incident, the district informed about posting a hotline number on their website that will be looked upon by a leading identity protection technology company Kroll taken on board by the DISD.
Once the exposed information is identified, DISD says that this will be shared with Kroll so as to inform the people about it when enquired on the hotline. The district also said no instance of fraud or identity theft has been known to them.