On Oct. 7, parents of KatyISD students received a letter notifying them of a possible data breach at a third-party vendor, SunGard K-12.
SunGard K-12 had notified KatyISD that there had been a data breach on Aug. 31, but a full report was not available until Sept. 15. The breach in August exposed information from students who were enrolled in a KatyISD school during the 2013-2014 school year. The data exposed included names, birthdays, e-mail addresses, zip codes, state IDs, and social security numbers.
Maria Corrales, spokeswoman for KatyISD, said that the situation is very low-risk, as the information was not exposed through an attempt of fraud. In fact, those with access to the information were probably unaware of the presence of the files in the application.
“The Katy ISD data was never viewable by end users in their districts and SunGard has no evidence to suggest that the client districts were aware of the presence of the data files,” said Corrales.
Corrales stressed that students and parents have no reason to be concerned, as KatyISD has taken steps to prevent such an event from happening once more.
“Katy ISD takes data privacy and security very seriously. We deploy strict security processes for privacy and security. We do not share student and staff information unless it is mandated by law or absolutely required to maintain the essential operation of the district under strict agreements that maintains full compliance with FERPA. Katy ISD terminated the disaster recovery backup service with SunGard,” said Corrales.
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student education records. As per KatyISD policy, permission must the taken from parents before sharing any student information.
SunGard K-12 is a data manager, specializing in student and employee information. The company partners with school districts to provide data services and secures sensitive student information. SunGard stated that the breach was due to human error within the company. An employee had accidentally copied and uploaded student information onto an application which could be viewed by technology personnel of 29 other school districts.
The parents of students affected by the breach have been offered one year of identity protection service LifeLock by Sungard K-12, which was arranged by the district.
“Although SunGard has no reason to believe that this data was viewed or copied by anyone in these districts, we recommend that you register for the online identity monitoring service and call the hotline (800-861-1753) for assistance has needed,” said Co