Adam Tamburin reports:
On Thursday, the school system began notifying about 9,200 people that elements of their personal data were accessed during a June security breach.
That total includes about 4,900 employees and 4,300 students, according to James Prendergast, an attorney with Nelson Levine de Luca & Hamilton, a law firm the school system enlisted to help with notifications.
Hackers gained access to nine of Clarksville-Montgomery County School System’s databases on June 11, which included, among other things, names, Social Security numbers and birthdays of some current and former students and employees, according to a news release from CMCSS spokeswoman Elise Shelton.
Read more on TheLeafChronicle.
A statement posted to CMCSS’s web site reads:
The Clarksville-Montgomery County School System discovered on June 11, 2012 that an unknown individual gained access to nine of its computer databases that contained the names, addresses, and Social Security numbers of certain current and former CMCSS employees, as well as the names, addresses, Social Security numbers, dates of birth, and student identification numbers of certain current and former CMCSS students. Beginning today, August 2, 2012, CMCSS is notifying each individual whose information was accessed during this intrusion and advising each individual of the elements of personal information exposed. CMCSS is not aware of any misuse of the personal information accessed during this illegal intrusion at this time; however, CMCSS also is advising affected individuals of steps that can be taken to protect identity and credit from fraud and theft.
Upon discovery of this criminal access, CMCSS retained privacy and data security legal counsel and forensic computer analysts to assist with its investigation of, and response to, this incident. CMCSS also notified local law enforcement and the Tennessee Bureau of Investigation, which is working in conjunction with the FBI to investigate this incident. The criminal investigation into this incident is ongoing.
Through the notification process, CMCSS is providing affected individuals with contact information for a call center, which has been established to respond to questions regarding this incident. We appreciate your patience and understanding throughout this process. Thank you.
The school system’s report seems to conflict significantly with claims made by hackers calling themselves Spex Security, who claimed to have acquired data on 110,000. The hackers later dumped 14,500 of the compromised records online on the Internet. So where is this 9,200 figure coming from? Is the school system saying that these were the only records acquired? I’ve sent an inquiry to the school system’s attorney to request clarification. If I get a response, I’ll update this.