Floyd County Schools report data breach with former vendor involving up to 6,400 student and staff names, dates, maybe emails on file between 2008 and 2015. Company offering credit monitoring.

Floyd County Schools report data breach with former vendor involving up to 6,400 student and staff names, dates, maybe emails on file between 2008 and 2015. Company offering credit monitoring.

Media release: A contractor formerly used by Floyd County Schools has notified FCS that it has experienced a data security incident. An older version of Pearson Clinical Assessments program—AIMSweb—is involved in the incident.

Students’ first and last names were accessed. In some of the cases, birth dates were also exposed during this incident. A small number of staff members’ names and email addresses were also exposed. Further identifying information was not revealed and has not been compromised.

“This incident impacts 5,900 students enrolled at FCS and 500 FCS employees who were AIMSWeb users between 2008 and 2015. The information Pearson reported was involved was limited to basic directory information,” said FCS Executive Director of Technology Craig Ellison. “Regardless of how limited in nature the data was, this is not acceptable by FCS standards of security. Although this happened via a former data contractor, we want to ensure all of our stakeholders that we take data security seriously whether in-house or with a data contractor.”

Pearson is offering access to credit monitoring services for any individual who believes they may be impacted. For a list of questions and answers, letters to families, and resources for credit monitoring, please see below or click here. No verification is required beyond the instructions provided.

“This is a third-party data incident that did not occur on FCS’ servers. Please reference the links Pearson provided for more details,” Ellison continued. “Because the data is old and not specific enough, it would be very difficult to determine who exactly has been impacted. After reviewing Georgia Code with our legal advisor, we determined we would use mass communication, such as print media and our website, to notify as many stakeholders as possible.”

Floyd County Schools has been and will continue working with Pearson to ensure that data in their possession has been appropriately secured and is appropriately deleted when it no longer serves any purpose in supporting the education of our students.


Questions and Answers:Pearson Third-Party Data Security Incident

Exactly what happened?
FCS was notified that one of its contractors, Pearson Clinical Assessment, has suffered a data security incident in an older version of their AIMSweb system. Floyd County Schools has not contracted with Pearson (AIMSWeb) since July 2015.

Information on AIMSweb servers was accessed by an unauthorized third party. This information includes the first and last names of some students and staff members, and in some of those cases, the students’ dates of birth.

Some staff members’ email address information was also accessed.

Whose information was accessed?
This incident impacts 5,900 students enrolled at FCS and 500 FCS employees who were AIMSWeb users between 2008 and 2015.

When did this happen?
November of 2018. FCS was provided notice by Pearson on July 24, 2019.

Why are we being notified now?
It is common for an incident like this to not be discovered for many months. Public disclosure may also be delayed while law enforcement conducts investigations into the incident.

What information was accessed?
Students’ first and last names were accessed. In some of the cases, birthdates were also exposed during this incident. A small number of staff members’ names and email addresses were also exposed. Further identifying information was not revealed and has not been compromised.

What should I do if I or my children were enrolled during the school years impacted by this event?
Every person must carefully consider their own course of action in all matters of privacy. Pearson is offering access to credit monitoring services for any individual who believes they may be impacted. No verification is required beyond the instructions provided HERE. This is a third-party data incident that did not occur on Floyd County Schools’ servers. Please reference the links Pearson provided for more details. 

How can I tell if my name or birthday was included in the compromised information?
The information is old and not specific enough for the District to identify exactly who has been impacted. We would recommend that all persons who have been enrolled or employed at FCS between 2008 and 2015 act on the assumption that their information may have been included. Please reference the links Pearson provided for more details.

Share Button

Sorry, comments are closed for this post.