DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment

Posted on October 26, 2023 by Dissent

Tiffany Lane reports:

Problems continue for Clark County School District families and staff about a week and a half after being notified of a cyber security incident that happened earlier this month.

Some parents say they received an email Wednesday with private information about their children.

While they do not know if it is related to the cyber security incident involving CCSD, they say it does include information they believe only the district would have access to.

As one parent described it, the email they received was

“Warning me that my children’s information was released or hacked into and it had three PDF files,” said Hecht. “Each one had my children’s picture, all of their contact information, email addresses, student ID numbers, my information, our address.”

Read more at News3LV.

Parents of CCSD children do have reason to be concerned about the leak of student data. DataBreaches found that some of the data was released this week on a file-sharing site. The post has since been removed, but the leak was described as representing about 1% of the total files obtained. Filenames with links where they could be downloaded were listed. Some of the files had notations including the size of the file.

The following is from the post on the file-sharing site. Links to the data have been removed by DataBreaches.

  • 25k Graduates with Personal Email, Birthdate, Ethnicity, PSAT scores.
  • Diabetes Database MASTER 23_24 (Personal information on 1k students with diabetes)
  • Admin.zip (Misc older spreadsheets 2016-2020. 45 MB)
  • HCM (Financial reports, staff salaries, grant information 2019)
  • [0277] T3 ONLY.zip (Incident reports for 2022 and 2023 by victim)
  • Swainston M.S. Attendance, Absent notes, Suspensions, Behavior referral tracking, student signout, bulling contracts, Truancy, Dress code violations, Early release, safety search, EMI – ASA, School Bus Incident Reports, Police Reports (2 Files, 2.5 GB in total)
  • Internal Communications:
    • ZZZ-AIA-completed (185 MB)
    • GDA Grant Administrators (1.3 GB)
    • 0003-ogc.RecordsRequest (415 MB)
    • CCSD Facilities Floor, Site and Portable Classrooms Plans (409 MB)
    • 5 0449-VTCTA-Office Staff
    • Student – Census Verification Report – 12 Grade and Graduate photo and PII.  (800+ students. 78 MB)
  • HMS Super Users
  • SPED Special Education levels per school. (Student health conditions listed per School in the district. 38 MB)

DataBreaches did not download all the files but did download some to investigate them. As an example, the Attendance directory had folders for the 2020-2021, 2021-2022, and 2022-23 school years.  Expanding the folder for 2022-2023 Swainston M.S. revealed a number of folders that included behavioral incident reports for named students, reports on named students who got lunch detention, and 251 reports on named students who got in-house school suspension. Other files contained the names of alleged bullying offenders and bullying victims with incident reports.

directory of Attendance for Swainston M.S. for 2022-2023 revealed numerous folders with identifiable student information

In another folder labeled “[0277] T3 Only,”  DataBreaches noted approximately 7,000 files involving named students from Schofield M.S. during the 2022-2023 school year relating to incidents. Each report contained the date, type of incident, proponent’s name, student ID number, grade, the date and time of the incident, the location of the incident, and description of the incident. Some of these were incident reports, while other .pdf files were witness reports.

DataBreaches also examined the Diabetes .csv file. There were several tabs for that spreadsheet. The “Diabetes Mellitus” tab had 907 student entries with their name, student ID number, date of birth, school, grade, physician name, and other fields.  Other tabs in the .csv file were also populated: “Hypoglycemia,” “Glycogen Storage,” and “Solu-Cortef.”

Diabetes Mellitus tab from .csv file leaked. Image redaction by DataBreaches.net.

On October 24, DataBreaches reached out to CCSD to ask them about the leaked files. They have not replied.

Category: Commentaries and AnalysesEducation SectorOf NoteU.S.

Post navigation

← October 31: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement
Detroit-Area District Cancels Classes Due to Cyber Incident →

1 thought on “Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment”

  1. SingularityMD says:
    October 26, 2023 at 3:36 pm

    There is much more information posted here
    [url redacted by moderator]

    *The email address provided is not mine. Do not attempt to contact me on it.

    I won’t, but can you get in touch with me and give me a way I can contact you to ask a few questions? My email is breaches[at]protonmail.ch but I can also be reached on Signal at 516-776-7756 or Telegram @DissentDoe

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.