Student Data Leak Tied to Human Error, Software Glitch in South Washington County, Minn.

Parents mistakenly received sensitive personal information about other district students in a mass email. Officials concluded the leak was the result of a staff error and a software issue.

by Christopher Magan, Pioneer Press / September 14, 2017

(TNS) -- Staffers using computer software to send mass emails to parents in the South Washington County school district inadvertently included an online link to private student information, according to investigation results released Tuesday.

District officials probed how students’ names, addresses, bus stops and other personal information were mistakenly sent to parents Aug. 16 in an email that was supposed to contain individual student transportation information.

The inquiry concluded that when a staffer tried to attach individual information to messages sent to parents, software mistakenly included a link to a file containing all students’ private data.

In a message to parents, district leaders said they’ve taken “robust” steps to protect students and ensure the mistake doesn’t happen again. That includes updates to district email policies, changes to bus stops and routes, and discussions with students about safety.

“We understand the frustration and concern expressed by our parents and community members regarding this human error,” Superintendent Keith Jacobus said in a statement. “It is my sincere hope that all those impacted will see that the district has taken this matter seriously and is working to make sure this type of incident does not occur in the future.”

About 18,000 students’ personal information was released due to the error.

Technical support from the district’s email service initially told school staff the personal information was included in an email attachment rather than a link, the investigation found. District officials noted they would have immediately disabled the link had they know that was an option.

District leaders plan future meetings with parents and other steps to improve the district’s cyber security. Student transportation information will no longer be sent by email; in the future parents will access bus information through a password-protected website, district officials said.

©2017 the Pioneer Press (St. Paul, Minn.) Distributed by Tribune Content Agency, LLC.