More Than 100,000 Students Impacted by Washoe County School District, NV Data Breach

The Vision Academy at Riverside, located in Indianapolis, is a Community Charter Network school that provides tuition-free, college preparatory education to more than 250 students.

August 1, 2019

The Washoe County School District (WCSD) in Nevada announces a data breach, involving 114,000 students enrolled at WCSD between 2001 and 2016, and "a much smaller number of staff members employed during the same period", says a WCSD press release.

Only student names and some birthdates were exposed, says the statement. In addition, a small number of staff names and email addresses were exposed, but a majority of the email addresses are no longer in use. Further identifying information was not revealed and has not been compromised, WCSD notes.

“The type of information involved in this incident was extremely limited,” said Robert Sidford, Chief Information and Innovation Officer for WCSD. “However, it represents a deviation from the standards that WCSD expects from our own data systems and those maintained by the contractors we do business with. This incident, although very limited, underscores why the work we do every day to safeguard student data is so critical. We are working with this contractor to ensure all necessary precautions are in place in the future.”

“While WCSD would like to individually reach out to every person impacted by this breach, the information is old and not specific enough for the District to identify exactly who has been impacted,” said Alan Cunningham, Information Security Officer for WCSD. “Because the information in question was generated so long ago, many of these students are no longer in our schools. In addition, the type of information is so limited, it is difficult to identify any of the students impacted. However we are issuing this notification out of an abundance of caution so families and individuals are aware of the potential release of this information.”

WCSD will be working with Pearson to ensure that data in their possession has been appropriately secured and is appropriately deleted when it no longer serves any purpose in supporting the education of our students.

“At Washoe County School District we take very seriously the security of all student, family, and staff data,” said Sidford. “Contracts are closely vetted to ensure the best protections are being taken at all times with all data.”

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.