A student at Riverside High School reported on September 26 to
Greenville County Schools (GCS) Education Technology Services
Department (ETS) that while using a GCS networked computer he
bypassed district security controls to gain unauthorized access to a
GCS file server. That server contained confidential student
information, including students’ names, addresses, Medicaid ID
numbers, and social security numbers.
There is no evidence to indicate that any data was transmitted to
any other person or used in any manner. Although we have no
indication that any misuse has occurred, as a precaution we are
informing our students and parents of this situation.
The student provided ETS personnel the portable storage device to
which he had downloaded the information and a written statement that
he had neither shared nor reproduced that information. ETS personnel
immediately initiated established Incident Response Procedures
including investigation of the incident by ETS Information Security
Personnel and referral to the Greenville County Sheriff’s Department
Investigations Division.
Law enforcement and the school district are conducting separate
on-going investigations. The results of the district investigation
will determine any school disciplinary action.
While we have no indication that any misuse has occurred, this
incident serves as a reminder that data of a confidential, personal
nature is stored in computer systems throughout the world and these
systems are constantly subjected to attempts at unauthorized entry.
In response to this problem the
Federal Trade Commission provides specific steps that all
individuals should take to detect and prevent improper use of their
personal information. As a service to our students and families, the
school district has provided a link to these steps that may be
accessed in the
Parent Section of the school district website. We recommend
that all families use this as an opportunity to review and implement
these precautions.
October
10, 2008
