Report: Privacy breach limited on Big Foot Web site

December 20, 2006

By Chris Schultz, Gazette staff

It appears that no one outside Big Foot High School saw personal information that accidentally was posted on the school's Web site, according to a summary report released by the school board Tuesday.

"We are completely certain that information was available only to our staff," Superintendent Thomas Nykl told the board.

Copies of the summary report will be sent to the more than 80 current and former high school employees affected by the security breach. Their responses will determine what happens next.

School board member Rick Ackman wanted to create a committee to review the incident and determine whether action should be taken against the person responsible.

He withdrew his motion at the request of Sue Pruessing, school board president, who said the board should wait for reaction from people affected by the breach.

An additional 50 pages of technical information are available at the school office.

On Oct. 18, Nykl was trying to post financial information on the district Web site, including cost of individual teacher and staff salaries and benefits.

Nykl didn't know that personal information, such as Social Security numbers and dates of birth, was attached. Salary and benefit information is open to the public; the other information is not.

Social Security numbers, last names and years of birth of 87 current and former employees were published on the Internet.

Teachers have said they fear their personal information is public and they are vulnerable to identity theft.

When the items were first posted about 9:40 a.m., the link to the financial and confidential information didn't work, the report said.

The links were repaired about 11:20 a.m. They were then accessed 37 times by 14 computers, all of them internal, the report says.

Two hits on the link came from outside, but they were not able to retrieve the files containing the confidential information, the report says.

About 20 minutes later, secretaries informed the administration that Social Security numbers and birthdates were on the Web site.

The report said files containing confidential information were accessible for 36 minutes before being taken down.

The report does not explain what caused the information to be posted.

As far as he determined, Nykl said, no one saved copies of the information, and none of the confidential pages were cached by Internet service providers. Cached pages are copies that can be accessed and read later, even if the original is deleted or removed.

Nykl has apologized several times for the error. He said he and staff are working on new procedures to make sure the error doesn't happen again.

The report and a chronology of the mistake, how it was discovered and how the information was removed from the Web site was compiled and written over six weeks by Tom Schauf, Web master; Allen Damrow, network administrator; Deb Way, administrative assistant; Jan Berlin, assistant Web master; and Nykl.

The teachers union had asked the board to have someone other than Nykl on the investigation committee and to suspend Nykl until the report was done.

main page ATTRITION feedback