Lancaster County School District announced this week a suspected computer hacking into dozens of district computers.
The hackers obtained passwords by monitoring district computers and capturing keystrokes. The passwords gave the hackers access into the records on the state system of more than 25,000 students and more than 2,500 employees.
Database information on the current and former students and employees may have been compromised, including names, birth dates, social security numbers, addresses and phone numbers.
No credit card or bank account information appears to have been compromised.
Once school officials were alerted that personal student and employee information could have been downloaded, the district notified SLED and other appropriate agencies, and the computers were immediately taken off-line and the breach secured.
The hacking incidents took place in March. The incidents were discovered by the U.S. Computer Emergency Readiness Team, which notified the S.C. Information Sharing & Analysis Center. The center then notified the school district of the incidents.
The hackers were able to capture keystrokes from district computers and determine district passwords for the state systems that store the district’s student and employee information. The hacking was an intentional and sophisticated criminal action to obtain protected information.
The district is assisting in efforts to identify and apprehend the person or people responsible for the hacking.
“We deeply regret the hacking and that the security breach occurred, and we sincerely regret any inconvenience the breach may cause,” superintendent Gene Moore said. “We are doing everything we can to prevent this from happening again, and we have put new measures in place to better assure that our computers are protected from such attempts.”
Dr. Moore noted the school district is reviewing all its computer security procedures.
All affected employees and students affected by this incident will be notified in writing, and the district will make its best effort to notify former employees and students, Moore said. The school district will provide instructions to students, parents and employees on how to protect themselves from identity theft on the district’s website and by mail.
For more information, contact the school district Computer Security Taskforce at 803-416-8822.
Questions & Answers on Data Compromise, CLICK HERE.
Notification letter sent to students, employees, CLICK HERE.