DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment

Posted on October 26, 2023 by Dissent

Tiffany Lane reports:

Problems continue for Clark County School District families and staff about a week and a half after being notified of a cyber security incident that happened earlier this month.

Some parents say they received an email Wednesday with private information about their children.

While they do not know if it is related to the cyber security incident involving CCSD, they say it does include information they believe only the district would have access to.

As one parent described it, the email they received was

“Warning me that my children’s information was released or hacked into and it had three PDF files,” said Hecht. “Each one had my children’s picture, all of their contact information, email addresses, student ID numbers, my information, our address.”

Read more at News3LV.

Parents of CCSD children do have reason to be concerned about the leak of student data. DataBreaches found that some of the data was released this week on a file-sharing site. The post has since been removed, but the leak was described as representing about 1% of the total files obtained. Filenames with links where they could be downloaded were listed. Some of the files had notations including the size of the file.

The following is from the post on the file-sharing site. Links to the data have been removed by DataBreaches.

  • 25k Graduates with Personal Email, Birthdate, Ethnicity, PSAT scores.
  • Diabetes Database MASTER 23_24 (Personal information on 1k students with diabetes)
  • Admin.zip (Misc older spreadsheets 2016-2020. 45 MB)
  • HCM (Financial reports, staff salaries, grant information 2019)
  • [0277] T3 ONLY.zip (Incident reports for 2022 and 2023 by victim)
  • Swainston M.S. Attendance, Absent notes, Suspensions, Behavior referral tracking, student signout, bulling contracts, Truancy, Dress code violations, Early release, safety search, EMI – ASA, School Bus Incident Reports, Police Reports (2 Files, 2.5 GB in total)
  • Internal Communications:
    • ZZZ-AIA-completed (185 MB)
    • GDA Grant Administrators (1.3 GB)
    • 0003-ogc.RecordsRequest (415 MB)
    • CCSD Facilities Floor, Site and Portable Classrooms Plans (409 MB)
    • 5 0449-VTCTA-Office Staff
    • Student – Census Verification Report – 12 Grade and Graduate photo and PII.  (800+ students. 78 MB)
  • HMS Super Users
  • SPED Special Education levels per school. (Student health conditions listed per School in the district. 38 MB)

DataBreaches did not download all the files but did download some to investigate them. As an example, the Attendance directory had folders for the 2020-2021, 2021-2022, and 2022-23 school years.  Expanding the folder for 2022-2023 Swainston M.S. revealed a number of folders that included behavioral incident reports for named students, reports on named students who got lunch detention, and 251 reports on named students who got in-house school suspension. Other files contained the names of alleged bullying offenders and bullying victims with incident reports.

directory of Attendance for Swainston M.S. for 2022-2023 revealed numerous folders with identifiable student information

In another folder labeled “[0277] T3 Only,”  DataBreaches noted approximately 7,000 files involving named students from Schofield M.S. during the 2022-2023 school year relating to incidents. Each report contained the date, type of incident, proponent’s name, student ID number, grade, the date and time of the incident, the location of the incident, and description of the incident. Some of these were incident reports, while other .pdf files were witness reports.

DataBreaches also examined the Diabetes .csv file. There were several tabs for that spreadsheet. The “Diabetes Mellitus” tab had 907 student entries with their name, student ID number, date of birth, school, grade, physician name, and other fields.  Other tabs in the .csv file were also populated: “Hypoglycemia,” “Glycogen Storage,” and “Solu-Cortef.”

Diabetes Mellitus tab from .csv file leaked. Image redaction by DataBreaches.net.

On October 24, DataBreaches reached out to CCSD to ask them about the leaked files. They have not replied.

Category: Commentaries and AnalysesEducation SectorOf NoteU.S.

Post navigation

← October 31: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement
Detroit-Area District Cancels Classes Due to Cyber Incident →

1 thought on “Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment”

  1. SingularityMD says:
    October 26, 2023 at 3:36 pm

    There is much more information posted here
    [url redacted by moderator]

    *The email address provided is not mine. Do not attempt to contact me on it.

    I won’t, but can you get in touch with me and give me a way I can contact you to ask a few questions? My email is breaches[at]protonmail.ch but I can also be reached on Signal at 516-776-7756 or Telegram @DissentDoe

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.