A software vendor contracted by Loudoun County Public Schools has reported a
security breach to the school system, according to a message sent to parents
The message, from Superintendent Edgar Hatrick, identified the vendor as Risk Solutions International, which maintains the LCPS Emergency Management Plans. Personal information about students and staff members normally restricted to authorized LCPS personnel can be found on the website in question. The information on the site is restricted for use in emergency situations, according to Hatrick’s message.
Risk Solutions immediately took the site offline while fixing the problem, according to the message.
“I have insisted that they take all necessary steps to ensure the complete privacy of our date,” Hatrick wrote, explaining that Risk Solutions indicated that human error caused the problem. “That said, I am deeply concerned that the breach occurred and have taken every possible precaution to make sure it does not happen again.”
It's unclear whether anyone accessed the information or how long the security issue existed, according to The Washington Post.
Hatrick’s full message to parents:
This is Edgar Hatrick, the superintendent of Loudoun County Public Schools. Recently, the school system was informed of a security breach involving one of our software vendors. The vendor, Risk Solutions International, maintains the school system’s Emergency Management Plans.
The website contains some personal information about students and staff members that is normally restricted to authorized LCPS employees only for use in emergency situations. The vendor site was immediately taken down while the vendor fixed the problem. Risk Solutions International acknowledged that human error, on their part, was the cause of the data breach.
I have insisted that they take all necessary steps to ensure the complete privacy of our data. That said, I am deeply concerned that the breach occurred and have taken every possible precaution to make sure it does not happen again.