A student at Riverside High School reported on September 26 to Greenville County Schools (GCS) Education Technology Services Department (ETS) that while using a GCS networked computer he bypassed district security controls to gain unauthorized access to a GCS file server. That server contained confidential student information, including students’ names, addresses, Medicaid ID numbers, and social security numbers.
There is no evidence to indicate that any data was transmitted to any other person or used in any manner. Although we have no indication that any misuse has occurred, as a precaution we are informing our students and parents of this situation.
The student provided ETS personnel the portable storage device to which he had downloaded the information and a written statement that he had neither shared nor reproduced that information. ETS personnel immediately initiated established Incident Response Procedures including investigation of the incident by ETS Information Security Personnel and referral to the Greenville County Sheriff’s Department Investigations Division.
Law enforcement and the school district are conducting separate on-going investigations. The results of the district investigation will determine any school disciplinary action.
While we have no indication that any misuse has occurred, this incident serves as a reminder that data of a confidential, personal nature is stored in computer systems throughout the world and these systems are constantly subjected to attempts at unauthorized entry. In response to this problem the Federal Trade Commission provides specific steps that all individuals should take to detect and prevent improper use of their personal information. As a service to our students and families, the school district has provided a link to these steps that may be accessed in the Parent Section of the school district website. We recommend that all families use this as an opportunity to review and implement these precautions.
# # #