Valerie Bauman reports:
Commack school district officials said Thursday night that an “unauthorized person” broke into a high school computer data network containing class schedules, student identification numbers, names and addresses.
In a statement posted on the district website, officials said there is no evidence that whoever hacked the system downloaded any specific student information.
Read more on Newsday (sub. req.).
Here’s the full statement posted on the district’s web site yesterday:
Announcement: Potential Release of Student Data
The District has become aware that the student management system at the High School was accessed by an unauthorized person. At this time, there is no evidence that the individual downloaded any specific student data. However, we thought it was important to make parents aware of the potential release of student data. At this time, we believe this breach only applies to a very limited number of high school student records. Types of information that may have been viewed include: student ID numbers, name, address, contact information, and student schedules. Social security numbers are NOT in the student management system.
Upon learning of the breach, the District immediately contacted the Suffolk County Police Department. The District is working with the police department, and the police have moved forward to identify the person responsible. Commack’s IT department immediately added additional security protocols to our student management systems, restored any altered schedules, and implemented a 24/7 active monitoring program for all systems (our 24 hour monitoring has shown no additional unauthorized attempts to access our student management systems at this time).
In addition to working with the Suffolk County Police Department and conducting an internal security review, the District is in the process of hiring an outside technology company to conduct a full electronic security review of the District’s student management system and networks in an effort to assure our systems are as secure as possible. Again, at this time, there is no evidence that student records were downloaded or disseminated. The police are continuing their investigation, as is the District. Should we determine that there is more to this breach than indicated above, we will notify parents accordingly.
In closing, please be assured that the District takes very seriously the protection of private student data, and actively monitors our networks. We continue to work to ensure that the District takes the steps necessary to prevent this type of incident in the future.