School Web site breached? Personal info of Pembroke workers, volunteers accessible for months

October 9, 2007

By Sydney Schwartz, The Patriot Ledger

School Web site breached? Personal info of Pembroke workers, volunteers accessible for months



Personal information on anyone who worked or volunteered for the Pembroke schools in the last four years was accessible via the Internet because of a weakness in the district.s computer system.

The information, including names, birth dates and Social Security numbers, was available from May until Oct. 2, when school officials learned of the problem, School Superintendent Frank Hackett said.

"It was not easy to get to, but it was there, so, ultimately, there was some exposure to confidential personal data," Hackett said Monday. "It just was there, lying dormant, unless you came across it through a search engine."

Hackett said the files may still exist as what are known as cached files on the Google search engine.

"We're pretty confident that they (the files) are no longer available," School committee Chairman Michael Tropeano said.

School district employees and volunteers should contact a consumer credit reporting agency to report that their personal information may have been accessed.

School officials attributed the security breach to a problem with data storage within the district.s computer system.

Tropeano said someone "would have to have had the exact file name and location on the server, so it's not as though you could go there and type in our long Web address and (the data) would just pop up."

Hackett said school administrators took immediate action after finding the problem during the afternoon of Oct. 2, after students had gone home.

Town officials have spent several days trying to get in touch with Google and getting outside help, the superintendent said.

As soon as school personnel found out about the problem, "they brought the Web site down," Tropeano said. "It was down for about a day while they did everything they could."

Hackett sent a letter about the security breach home with students last week and also e-mailed and sent the letter by regular mail to school employees and volunteers.

Officials think that they had, by Friday, identified everyone the security breach could have affected, Hackett said.

Whether anyone accessed the files, "there's no way of knowing," Hackett said. "What we did know is who those files would have included, and (we) wanted to make sure that every one of those people were contacted individually - to let us know that this is going on."

He said school officials took the matter "very seriously" and are trying to figure out how and why the district's files were vulnerable.

"No one was accessing our servers in a criminal way,." the superintendent said. ".If that information was being accessed, it was because someone had done a search-engine search and had come across one of those files inadvertently."


main page ATTRITION feedback