A Computer Crash Corrupted Security Software Opening Up Metro Atlanta School Database
Who: DeKalb County Schools
# of Accounts Breached: Over 3,000 files
What was affected: Over 2,700 of the uploaded images contained a driver’s license or government-issued IDs, including social security cards. Over 80 included images of passports from the U.S. and other counties, along with green cards and military IDs. There were also school transcripts with social security numbers and other private data visible.
When it happened: December 2018
How it happened: Images of the personal information were uploaded into a folder on the DeKalb County Schools website. The district confirmed the folder had been online since 2016. The data was secure, as of Dec. 22, until the district’s cloud-based web server crashed due to a vendor-related event. The server was restored on Dec. 24, but the crash had corrupted security software. The data was then unsecured and publicly available online until 11Alive brought it to the district’s attention.
Outcome: Once the district became aware of the occurrence, the information was quarantined to determine the scope of impact. It is believed that no other private information was compromised outside of the contents of the FTP folder. Also, the district said it has removed each file from its website and server, disabled the upload form and contacted Google and the website host vendor to make sure the information is scrubbed from the internet. DCSD also said it implemented additional security measures on its website.