Park Hill data security breach affects more than 10,000 students and employees

Scott Springston
Scott Springston

The Park Hill School District has notified more than 10,000 current and former district employees and students that a data security breach may have compromised their personal information.

The information included Social Security numbers, student records, personnel information and employee evaluations, the district said Tuesday.

The district has found no evidence of identity theft or misuse of the data, Superintendent Scott Springston said.

“The district apologizes for any inconvenience that this may have caused those affected,” he said. “We are doing everything that we can do to assist those that are affected.”

The breach occurred in January or February, the district said, when a worker without permission downloaded student and staff records from a work computer onto a hard drive.

That information was accessible online after the worker, who left the district’s employment a short time later, connected the hard drive to a home network.

District officials did not learn about the breach until April 1, when a district resident notified them. The person had called up the information with a Google search.

The district worked with the former employee as well as the FBI and Google and had access to those records removed on April 5.

The district chose not to release information about the breach in April because it first wanted to identify those directly affected, spokeswoman Nicole Kirby said.

Identity thieves can use Social Security numbers to open lines of credit and file fraudulent tax returns that allow them to receive refunds.

Springston said he did not know why the former employee downloaded the information or what the employee planned to do with it. However, he said, district officials don’t think the employee had any criminal intent. He said he could not identify the worker or say why he or she is no longer with the district.

Letters alerting the 10,210 people affected were sent out Monday and Tuesday, Springston said.

Once the breach was contained, the district hired digital forensics experts and reviewed 13,704 documents to identify those who were affected. It took several months to complete that effort, the district said.

Officials learned that the records of 6,900 students were compromised. The district has more than 10,000 students. The remaining records contained sensitive information of former and current district employees.

The district is working to update its policies that prohibit employees from taking or downloading personnel data and student records. Those who have access to that information are required to receive training.

In addition, the district is providing free identity monitoring services to those affected by the security breach.

“We are developing our policies to make sure that this type of data breach doesn’t happen again in the future,” Springston said.

To reach Glenn E. Rice, call 816-234-4341 or send email to grice@kcstar.com.

Related stories from Kansas City Star