District officials probed how students’ names, addresses, bus stops and other personal information were mistakenly sent to parents Aug. 16 in an email that was supposed to contain individual student transportation information.
The inquiry concluded that when a staffer tried to attach individual information to messages sent to parents, software mistakenly included a link to a file containing all students’ private data.
In a message to parents, district leaders said they’ve taken “robust” steps to protect students and ensure the mistake doesn’t happen again. That includes updates to district email policies, changes to bus stops and routes, and discussions with students about safety.
“We understand the frustration and concern expressed by our parents and community members regarding this human error,” Superintendent Keith Jacobus said in a statement. “It is my sincere hope that all those impacted will see that the district has taken this matter seriously and is working to make sure this type of incident does not occur in the future.”
About 18,000 students’ personal information was released due to the error.
Technical support from the district’s email service initially told school staff the personal information was included in an email attachment rather than a link, the investigation found. District officials noted they would have immediately disabled the link had they know that was an option.
District leaders plan future meetings with parents and other steps to improve the district’s cyber security. Student transportation information will no longer be sent by email; in the future parents will access bus information through a password-protected website, district officials said.
©2017 the Pioneer Press (St. Paul, Minn.) Distributed by Tribune Content Agency, LLC.
