Virginia's Loudoun County Public Schools (LCPS) recently acknowledged that an error made by third-party provider Risk Solutions International (RSI) made student and staff information accessible online (h/t Washington Post).
RSI, which had been maintaining an emergency management plan Web site for LCPS, conducted technical testing on November 4, 2013, December 19, 2013, and December 24, 2013. "Security protocols were not followed and the data was exposed," according to an LCPS statement. "The exact date of the incident has not been determined nor has the length of time the information was exposed."
"Risk Solutions International acknowledged that human error, on their part, was the cause of the data breach," LCPS superintendent Edgar B. Hatrick stated in a separate announcement. "I have insisted that they take all necessary steps to ensure the complete privacy of our data."
When LCPS was notified on January 2, 2014 that the information was accessible through a Web search, it contacted RSI requesting a shutdown. It took until January 8, 2014 to remove caches of the documents to ensure the information was no longer accessible.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Information exposed includes student names, addresses, phone numbers, dates and places of birth, dates of attendance, and school schedules. According to the Washington Post, one school's locker combinations were also exposed.