Education // Maryland, United States
A document that contained employees’ personal information was emailed outside of the school system to the personal addresses of certain staff.
Employees were notified of the breach on Friday evening, about a week after the incident. The wrongful recipients also have been contacted.
About 10,000 of the district’s 23,785 employees were affected.
Social Security numbers, birth dates and employee identification numbers potentially have been compromised.
Sensitive data was inadvertently included in a routine monthly report shared internally by email. When officials became aware, the district instructed its information technology staff to suspend the email accounts while they removed the email from the inboxes.
During that process, they discovered that some of the information was sent outside the school system.
Edmund Harris, a library media specialist, was displeased by the announcement.
“I just couldn’t believe this had happened, especially since it involves the social security numbers,” he said.
On the other hand, Theresa Dudley, a teacher at Benjamin Tasker Middle School, said data breaches have become commonplace, noting the security breaches at Target and Home Depot. “It’s the age we live in,” Dudley said.
Misplaced data is one of the biggest insider threats for government agencies.
Email misfires and other errors account for more than a third of data breaches in the public sector, according to Verizon’s annual data breach report. Unapproved or malicious use of data by public servants represents 24 percent of reported incidents.
The notification letter sent to employees of the P.G. County school system states:
Dear PGCPS Team Member:
A few days ago we learned that a report was generated and sent via e-mail to a select group of principals. When we became aware of the issue, the recipients’ PGCPS e-mail account was suspended so Information Technology staff could remove the email from their PGCPS in-boxes.
As part of that work, it was discovered some of the information was disseminated outside of the PGCPS e-mail domain. The report contained your Social Security Number, date of birth and employee identification number (EIN).
As a result, your personal information may have been potentially exposed to others. Please be assured that we have taken every step necessary to address the incident, and that we are committed to fully protecting all of the information that you have entrusted to us.
PGCPS is offering one year of free credit monitoring to all affected persons. Please be sure to look for the information on how to enroll in a notice that will be mailed to your home address in the next business day.
We regret this error and please know that we have taken aggressive steps to ensure an incident of this type does not happen again.
Monique Whittington Davis, Ed.D.