A significant security breach in the Granite School District has compromised the personal records of approximately 450,000 current and former students.
At a glance:
- The breach affected all current and former students, totaling around 450,000 individuals.
- Sensitive information, including names, addresses, phone numbers, health records, grades, and, in some cases, Social Security numbers, was accessed.
- The incident occurred between September 11 and September 25, 2024, due to a district employee inadvertently downloading a corrupt file.
- The district is offering complimentary credit monitoring services to those affected and is reviewing its data security protocols.
Details of the Breach
Between September 11 and September 25, 2024, an unauthorized actor gained access to the district’s computer systems after a district employee accidentally downloaded a corrupt file. This allowed the intruder to access sensitive student information, including names, addresses, phone numbers, health records, grades, and, in some cases, Social Security numbers. Approximately 15% of the compromised records contained Social Security numbers.
Superintendent Ben Horsley addressed the breach in a video statement, acknowledging the severity of the situation and apologizing to those affected. He emphasized the district’s commitment to transparency and noted that his own personal information was among the compromised data. The district has refused to pay the ransom demanded by the attackers and is working with cybersecurity experts to assess the full extent of the breach.
Support for Affected Individuals
The district is offering complimentary credit monitoring services through IDX, a ZeroFox company, to those affected by the breach. Individualized letters detailing the specific information compromised are being sent to affected individuals, with guidance on accessing these services. Parents and students are also encouraged to place fraud alerts on their credit files by contacting the three major credit bureaus: Equifax, Experian, and TransUnion.
Ongoing Investigation and Future Measures
The district is conducting a thorough investigation to determine the full scope of the breach and is reviewing its data management policies to prevent future incidents. Superintendent Horsley acknowledged the delicate balance between allocating funds for cybersecurity and classroom resources, stating, “Every dollar I spend over here comes from this pot, so it is this delicate balance of making sure that our systems have integrity, that the data is protected, while at the same time maximizing the amount of resources we send to our classrooms.”
This incident underscores the critical importance of robust cybersecurity measures in educational institutions to protect sensitive personal information.