DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA: Fairfax Schools leak: Personal student info will be removed

Posted on December 21, 2012 by Dissent

Hatzel Vela reports on WJLA:

Fairfax County Public Schools Wednesday learned confidential student information from Fairfax High School was leaked and posted online, but that information is now being taken down.

The information included student’s names, student ID numbers and even grades. The records listed students from 9th to 11th grade. Because senior students are graduating, their files are kept separate and that’s why officials believe those files were not leaked.

Jack Dale, the superintendent of Fairfax County Schools, released a note to parents Friday stating the court granted a request to remove the personal information. The owner of the Fairfax Underground website says the data will be removed by no later than 5 p.m. Friday.

Tom Jackman of The Washington Post has a screen shot of what was posted on the forum and more details on this case. Reportedly, the data were first uploaded to the Fairfax Underground site on Tuesday. On Wednesday, the school system found out about it. On Friday, they were in court to get an order requiring Fairfax Underground to remove the data.

What caught my eye in the first story was this statement by Superintendent Dale:

“Violations of student privacy will not be tolerated and those who are responsible for this breach will be held accountable,” Dale stated in an earlier letter.

It is it just me, or does that read like Fairfax County Schools has no idea at all how they suffered a breach? And it’s one thing to say that those who are responsible will be held accountable, but are they talking only of whomever posted the data, or are they including those who may have failed to adequately secure it?

This is not Fairfax County’s first breach, by the way. In 2008, dozens of files with names and birth dates for 74,000 students in the school system were accidentally exposed online by Princeton Review. Then in 2010, a third grader was able to access the Blackboard Learning System used by the county to change teachers’ and staff members’ passwords, change or delete course content, and change course enrollment. It was nothing so exciting as a hack, however. The child found the password on a teacher’s desk and used it.

So what will it be this time? Were they hacked externally or did some staff member not adequately protect login credentials? I hope we find out.

Update: Some additional coverage of the case and the web forum’s reaction to the injunction:

  • http://fairfaxcity.patch.com/articles/schools-officials-secure-court-order-against-fairfax-underground

  • http://www.fairfaxunderground.com/forum/read/2/1069819.html,page=all  (thread on Fairfax Underground)
  • http://fairfaxcity.patch.com/articles/fhs-final-grades-leaked-on-fairfax-underground

     

 

Category: Breach IncidentsEducation SectorU.S.

Post navigation

← Prohibitions on Egg and Sperm Donor Anonymity and the Impact on Surrogacy
Five breaches newly disclosed by HHS's breach tool →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.