Skip to main content
You are the owner of this article.
You have permission to edit this article.
Edit
West County provides notice of data breach last year; no identity theft reported so far
alert top story

West County provides notice of data breach last year; no identity theft reported so far

{{featured_button_text}}
West County provides notice of data breach

West County School District announced on Friday that, although it had experienced a possible data breach between Oct. 6 and Nov. 20 last year, to date it’s had no reports from anyone affected by that unauthorized access of information on a computer server used for summer school.

West County School District announced on Friday that, although it had experienced a possible data breach between Oct. 6 and Nov. 20 last year, to date it’s had no reports from anyone affected by that unauthorized access of information on a computer server used for summer school.

“After we first discovered the breach, it’s been a long process, because we immediately turned it over to our insurance who hired an investigative company who then came in and investigated everything,” said the district superintendent, Dr. Kevin Coffman. “It wasn’t on one of our main school servers, it was on a server we use for our summer school, and the number of people it would have impacted was minimal.

"The investigators thought the probability of data being mined was very improbable, due to the amount of time the (hacker) was in the server and due to the movement within the system. They couldn’t say it 100% didn’t happen, though, so we set about contacting everyone we could. We’re sending out the news release in hopes we can reach the few people we might have missed.”

According to the news release issued by PR Newswire, when the district became aware of unusual activity related to certain systems within the district's network, it immediately enlisted third-party forensic investigators to help determine the scope of the data breach. It was determined that certain information contained on a district system may have been accessible to an unauthorized party between Oct. 6, 2019, and Nov. 20, 2019.

Although the investigation did not find that personal information had actually been accessed or acquired as a result of this incident, West County could not rule out the possibility. Personal information relating to certain current and former students and staff was present within the impacted system: name, Social Security number, and state student identification numbers for certain students and staff.

The release indicates the district immediately began to assess the security of relevant district systems, to contact the people who were potentially affected, and notify state regulators as required. District employees also went about resetting relevant passwords, working with third-party investigators, reviewing the contents of the impacted system to determine whether they contained sensitive information, and reviewing internal systems to identify contact information and notify those who might be affected.

Support Local Journalism

Your membership makes our reporting possible.
{{featured_button_text}}

“I can’t believe how long it took to contact everyone who might have been affected, that was the longest and hardest part of this,” Coffman said. “Because the server had a few years’ of data on it, we had to track down many people who had different addresses and phone numbers, might have moved out of the state, it was a challenge.”

Anyone with additional questions can call the district at 573-562-7535, write to the district at 1124 Main Street, Leadwood, MO 63653, or obtain additional information on the website at www.wcr4.org.

“Unfortunately, (hackers) go after schools,” Coffman said. “We were able to identify and fix things, but there’s no such thing as 100% full protection.

“It’s not uncommon to receive a letter from a major corporation about possible data breach. We did the same thing, once we identified the people potentially affected, part of our plan was to make sure we protected them. So we not only contacted them, we offered free credit reporting and free monitoring for three years. It’s not their fault, and we wanted to make sure they’re not impacted.

Those who suspect they might be victim of identity theft and fraud stemming from the summer-school server breach should review their account statements and monitor their credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. The three major credit bureaus can also be contacted for a free copy of your credit report.

“To date, no one has contacted us to say they were actually even breached, so that’s a positive, that’s the best thing at the end of the day,” Coffman said.

Sarah Haas is the assistant editor for the Daily Journal. She can be reached at 573-518-3617 or at shaas@dailyjournalonline.com.

0
1
0
0
1

Be the first to know

* I understand and agree that registration on or use of this site constitutes agreement to its user agreement and privacy policy.

Related to this story

Most Popular

Get up-to-the-minute news sent straight to your device.

Topics

News Alerts

Breaking News