MISSOULA - Missoula County Public Schools (MCPS) Superintendent Mark Thane spoke in a news conference Dec. 15 about the unintentional data breach that occurred from the Hellgate High School administrative offices on Friday, Dec. 4.
LMG Security completed the internal investigation and forensic investigation. The investigation revealed that Hellgate Assistant Principal Libby Oliver intended to finalize a document containing an agenda and notes from a recent Hellgate football meeting. Oliver’s email attachment included an additional 16 pages of documents, some of which contained private and confidential student and staff information.
The documents containing the confidential information were all stored locally on Oliver’s desktop computer and were unintentionally merged into the document containing the football meeting notes. Using an external hard drive, Oliver took this document to Lynn Farmer’s computer and attached it to the email sent to the parents on the Hellgate football team contact list.
In this data breach, records for approximately 1100 Hellgate students were released. The records included grade analysis reports, results of a reading assessment, Individualized Education Program meeting dates, a list of students participating in the Comprehensive School Community Treatment program and a list of students who have been tardy to class or had broken a school rule.
“I want to underscore the fact that there were no copies of student files released, there were no copies of students’ Individual Education Program plans or 504 documents released and there were no medical files released,” said Thane. “A great deal of the information came from reports downloaded from our student information system that are used by our administrative team for the purposes of managing students’ academic and behavioral needs while in school.”
The Missoula County Public Schools network and student information system remain secure behind district firewalls. This breach was not the result of a network intrusion. Thane said the inclusion of confidential information was the result of human error.
“This error was a failure to follow professional best practices in handling that data on a local device outside of the protected database,” said Thane.
Once the error was discovered Friday evening, there was an immediate attempt to recall the message and parents who received the email were asked to delete the email and the attachment without opening either file.
In the immediate wake of the incident last week, Hellgate parents and staff members with concerns about the data release were directed to contact Thane’s office to confirm if their records were released. In the past week, we have responded to those parent inquiries and provided them specific information related to their student information included in the breach. MCPS is also preparing hard-copy letters to each family affected by the breach that details the records pertaining to their student that were included in the release.
Thane reported this incident on behalf of the District to the U.S. Dept. of Education Family Policy Compliance Office. MCPS has followed a Data Breach Checklist issued by that office to ensure that they acted swiftly and accurately to correct this error.
Thane acknowledged the families, students and staff that were affected by the data breach.
“I understand the important responsibility Missoula County Public Schools hold in protecting student data and we take full responsibility for this error,” said Thane. “We have safeguards in place to protect student data and we will continue to improve our procedures to protect from another incident like this in the future.”
Oliver submitted her resignation Friday, Dec. 18.
Reader Comments(0)