Security lapse left information on NC students vulnerable, district says

UNION COUNTY, N.C. — A lapse in security by a third-party vendor left the private data of students across North Carolina unsecured and vulnerable, according to Union County Public Schools.

A letter sent to parents earlier this week made them aware that students’ records from multiple school districts and charter schools, including Union County, were left unsecure in a cloud-based storage space called iLeadr.

The North Carolina Department of Public Instruction discovered the information was susceptible over the summer, the message said. At the time, it was not clear which records had been disclosed, but a state cybersecurity taskforce investigation confirmed UCPS files were accessible.

Data exposed did not include Social Security numbers or financial information, according to UCPS Superintendent Andrew Houlihan.

At this time, the district said there was no evidence any student information was accessed or has been used for anything improper.

According to UCPS, details that were temporarily exposed include student name, school name, student ID number, date of birth, gender, ethnicity, race, parent name and contact information, schools attended by grade, attendance records, core instruction plans, individual student learning plan, assessment data reports, progress monitoring data, academic behavior and observations, environmental inventory and hearing/vision/speech screening results.

Since being notified of the insecurity, the district said it worked with investigators and the vendor to determine the cause and ensure it does not happen again.

“We take this incident very seriously and are committed to protecting the confidentiality and security of our students’ records,” Houlihan said.

(WATCH BELOW: Residents push back against possible wastewater plant in Union County)

Comments on this article