FCPS wrong on data breach, MSDE says
I posed several questions to MSDE regarding the recent student data breach at FCPS. I was told the Department was putting together a statement.
Here, in its entirety, is a statement from Maryland State Dept of Education's William Reinhard, Exec. Director of Communications for MSDE. I will be following this up with another story. KH
"The Frederick County Public Schools on Sunday released a statement on its student data loss that runs counter to the facts as State officials understand them.
The Department of Homeland Security’s Multistate Information Sharing and Analysis Center this month completed its forensic investigation of the breach. MSDE’s IT Department along with Maryland’s Department of Information Technology worked alongside investigators.
The final report from the Multistate Information Sharing and Analysis Center indicated that it was unable to determine where the breach occurred. There is no evidence that the breach occurred at the Maryland State Department of Education or, more specifically, that State Data systems were breached.
• MSDE in September was alerted to a data breach affecting student records from a local school system. The data breach occurred prior to March 2012. There is evidence of an attack later in the year, but no evidence of a breach.
• MSDE immediately notified the FBI and the Maryland Office of the Attorney General. The Department also contacted the State’s Department of Information Technology and the State’s Director of Cybersecurity.
• The data breach involved student names, social security numbers and dates of birth. No addresses, telephone numbers, or financial information were included in the breach.
The Maryland State Department of Education takes seriously its responsibilities regarding personally identifiable information and is following the recommendations set forth by the Office of Legislative Audits in June, 2016. The Department currently deploys the latest in antivirus software and uses enhanced encryption. MSDE continuously reviews its security posture, processes and protocols."
