Hopkins County School suffered a data breach after an attacker compromised an employee’s password-protected Infinite Campus account and gained access to a database that contained students’ personal information.
What information was compromised?
The database contained almost 7000 students’ personal information including names, dates of birth, and Social Security numbers.
What was the immediate action taken?
“At this point, it's more of training and using this as a positive opportunity to train and help people learn the severity and consequences. It's a lesson in keeping passwords private and secure, which is something we've always done. It's just now we have a case to refer to and say, 'Hey, this can happen. Please be aware,” Drew Taylor, CIO at Hopkins County School said.
Not a malicious attack
Taylor noted that the attackers’ motive is not to get the list of Social Security numbers and confirmed that there is no evidence of any misuse of students’ personal information. However, an extensive investigation is still ongoing.
“We do not believe that this was a malicious attack. We do not believe it's like something you hear on the news about a Russian hacker getting a list of Social Security numbers. We believe it was something local. It could have been a joke. It could have been something very minor,” Taylor said.