DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment

Posted on October 26, 2023 by Dissent

Tiffany Lane reports:

Problems continue for Clark County School District families and staff about a week and a half after being notified of a cyber security incident that happened earlier this month.

Some parents say they received an email Wednesday with private information about their children.

While they do not know if it is related to the cyber security incident involving CCSD, they say it does include information they believe only the district would have access to.

As one parent described it, the email they received was

“Warning me that my children’s information was released or hacked into and it had three PDF files,” said Hecht. “Each one had my children’s picture, all of their contact information, email addresses, student ID numbers, my information, our address.”

Read more at News3LV.

Parents of CCSD children do have reason to be concerned about the leak of student data. DataBreaches found that some of the data was released this week on a file-sharing site. The post has since been removed, but the leak was described as representing about 1% of the total files obtained. Filenames with links where they could be downloaded were listed. Some of the files had notations including the size of the file.

The following is from the post on the file-sharing site. Links to the data have been removed by DataBreaches.

  • 25k Graduates with Personal Email, Birthdate, Ethnicity, PSAT scores.
  • Diabetes Database MASTER 23_24 (Personal information on 1k students with diabetes)
  • Admin.zip (Misc older spreadsheets 2016-2020. 45 MB)
  • HCM (Financial reports, staff salaries, grant information 2019)
  • [0277] T3 ONLY.zip (Incident reports for 2022 and 2023 by victim)
  • Swainston M.S. Attendance, Absent notes, Suspensions, Behavior referral tracking, student signout, bulling contracts, Truancy, Dress code violations, Early release, safety search, EMI – ASA, School Bus Incident Reports, Police Reports (2 Files, 2.5 GB in total)
  • Internal Communications:
    • ZZZ-AIA-completed (185 MB)
    • GDA Grant Administrators (1.3 GB)
    • 0003-ogc.RecordsRequest (415 MB)
    • CCSD Facilities Floor, Site and Portable Classrooms Plans (409 MB)
    • 5 0449-VTCTA-Office Staff
    • Student – Census Verification Report – 12 Grade and Graduate photo and PII.  (800+ students. 78 MB)
  • HMS Super Users
  • SPED Special Education levels per school. (Student health conditions listed per School in the district. 38 MB)

DataBreaches did not download all the files but did download some to investigate them. As an example, the Attendance directory had folders for the 2020-2021, 2021-2022, and 2022-23 school years.  Expanding the folder for 2022-2023 Swainston M.S. revealed a number of folders that included behavioral incident reports for named students, reports on named students who got lunch detention, and 251 reports on named students who got in-house school suspension. Other files contained the names of alleged bullying offenders and bullying victims with incident reports.

directory of Attendance for Swainston M.S. for 2022-2023 revealed numerous folders with identifiable student information

In another folder labeled “[0277] T3 Only,”  DataBreaches noted approximately 7,000 files involving named students from Schofield M.S. during the 2022-2023 school year relating to incidents. Each report contained the date, type of incident, proponent’s name, student ID number, grade, the date and time of the incident, the location of the incident, and description of the incident. Some of these were incident reports, while other .pdf files were witness reports.

DataBreaches also examined the Diabetes .csv file. There were several tabs for that spreadsheet. The “Diabetes Mellitus” tab had 907 student entries with their name, student ID number, date of birth, school, grade, physician name, and other fields.  Other tabs in the .csv file were also populated: “Hypoglycemia,” “Glycogen Storage,” and “Solu-Cortef.”

Diabetes Mellitus tab from .csv file leaked. Image redaction by DataBreaches.net.

On October 24, DataBreaches reached out to CCSD to ask them about the leaked files. They have not replied.


Related:

  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea's largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
Category: Commentaries and AnalysesEducation SectorOf NoteU.S.

Post navigation

← October 31: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement
Detroit-Area District Cancels Classes Due to Cyber Incident →

1 thought on “Exclusive: Clark County School District student data begins to leak; CCSD doesn’t comment”

  1. SingularityMD says:
    October 26, 2023 at 3:36 pm

    There is much more information posted here
    [url redacted by moderator]

    *The email address provided is not mine. Do not attempt to contact me on it.

    I won’t, but can you get in touch with me and give me a way I can contact you to ask a few questions? My email is breaches[at]protonmail.ch but I can also be reached on Signal at 516-776-7756 or Telegram @DissentDoe

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Ransomware attack disrupts Korea’s largest guarantee insurer
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
  • More than 100 British government personnel exposed by Ministry of Defence data leak
  • New TeleMessage SGNL Flaw Is Actively Being Exploited by Attackers
  • North Country Healthcare responds to Stormous’s claims of a breach
  • Gladney Adoption Center had serious data exposures in the past few months. What will they do to prevent more?
  • Former U.S. Soldier Pleads Guilty to Hacking and Extortion Scheme Involving Telecommunications Companies

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access
  • Texas Enacts Electronic Health Record Data Localization Law
  • Upstate NY county clerk again refuses to enforce Texas abortion judgment
  • Attorney General James Leads Coalition Urging Congress to Protect Americans from Masked ICE Agents
  • Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act​

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.