DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA: Fairfax Schools leak: Personal student info will be removed

Posted on December 21, 2012 by Dissent

Hatzel Vela reports on WJLA:

Fairfax County Public Schools Wednesday learned confidential student information from Fairfax High School was leaked and posted online, but that information is now being taken down.

The information included student’s names, student ID numbers and even grades. The records listed students from 9th to 11th grade. Because senior students are graduating, their files are kept separate and that’s why officials believe those files were not leaked.

Jack Dale, the superintendent of Fairfax County Schools, released a note to parents Friday stating the court granted a request to remove the personal information. The owner of the Fairfax Underground website says the data will be removed by no later than 5 p.m. Friday.

Tom Jackman of The Washington Post has a screen shot of what was posted on the forum and more details on this case. Reportedly, the data were first uploaded to the Fairfax Underground site on Tuesday. On Wednesday, the school system found out about it. On Friday, they were in court to get an order requiring Fairfax Underground to remove the data.

What caught my eye in the first story was this statement by Superintendent Dale:

“Violations of student privacy will not be tolerated and those who are responsible for this breach will be held accountable,” Dale stated in an earlier letter.

It is it just me, or does that read like Fairfax County Schools has no idea at all how they suffered a breach? And it’s one thing to say that those who are responsible will be held accountable, but are they talking only of whomever posted the data, or are they including those who may have failed to adequately secure it?

This is not Fairfax County’s first breach, by the way. In 2008, dozens of files with names and birth dates for 74,000 students in the school system were accidentally exposed online by Princeton Review. Then in 2010, a third grader was able to access the Blackboard Learning System used by the county to change teachers’ and staff members’ passwords, change or delete course content, and change course enrollment. It was nothing so exciting as a hack, however. The child found the password on a teacher’s desk and used it.

So what will it be this time? Were they hacked externally or did some staff member not adequately protect login credentials? I hope we find out.

Update: Some additional coverage of the case and the web forum’s reaction to the injunction:

  • http://fairfaxcity.patch.com/articles/schools-officials-secure-court-order-against-fairfax-underground

  • http://www.fairfaxunderground.com/forum/read/2/1069819.html,page=all  (thread on Fairfax Underground)
  • http://fairfaxcity.patch.com/articles/fhs-final-grades-leaked-on-fairfax-underground

     

 

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
  • Pysa shuttered its leak site before it ever dumped data from more than half a dozen schools. Here’s what we know so far.
  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Boston Public Schools To Change Student ID Cards After Flash Drive with Information Was Lost by Plastic Card Systems
Category: Breach IncidentsEducation SectorU.S.

Post navigation

← Prohibitions on Egg and Sperm Donor Anonymity and the Impact on Surrogacy
Five breaches newly disclosed by HHS's breach tool →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches
  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.