Renton School District, (“RSD”), Notification of Data Security Incident

Attorney General Bob Ferguson
Office of the Attorney General
1125 Washington St SE
PO Box 40100
Olympia, WA 98504
E-Mail: [email protected]
Re: Notification of Data Security Incident
Dear Attorney General Ferguson:
We represent Renton School District, (“RSD”), located in Renton, Washington. This letter is being
sent on behalf of RSD in connection with a data security incident described in greater detail below.
I. Background and Time Frame at Issue
On or around May 4, 2022, RSD received notice from a vendor that it had previously contracted
with that said vendor suffered a network security incident on January 8, 2022. Moreover that, by
March 24, 2022, this vendor had confirmed that certain databases containing potentially protected
student information it maintained were subject to unauthorized access between December 28,
2021, through January 8, 2022. More specifically, that RSD’s data this vendor had maintained
may have been exposed as well.
Although we have no evidence that any personal information itself was misused in connection with
this incident, out of an abundance of caution, we are notifying potentially impacted individuals of
this incident via the enclosed letter.
II. Number of Washington Consumers Impacted/Type of Information at Issue
On May 31, 2022, we determined that some personal information belonging to 20,509 Washington
residents resided in RSD’s data, maintained by this third-party vendor, which may have been
accessible to or accessed by the unauthorized individual(s). The personal information that may
have accessed without authorization included: student names, student identification numbers,
academic and behavior information, enrollment information, accommodation information, and
student demographic information.
III. Steps Taken to Contain Breach
Attorney General Bob Ferguson
June 21, 2022
Page 2
4857-2638-2117.1
LEWIS BRISBOIS BISGAARD & SMITH LLP
www.lewisbrisbois.com
On June 17, 2022, RSD notified 20,509 potentially affected Washington residents by first class
U.S. mail. RSD provided complimentary credit monitoring and identity protection services through
IDX. A sample copy of the notification letter is included with this correspondence.
As you can see, the notification letter provides information about the incident, the categories of
personal information involved, and recommended steps that individuals may take to protect their
information. It also offers complementary identity protection services by IDX, a global leader in risk
mitigation and response. The services include credit monitoring, Cyberscan dark web monitoring,
$1 million identify theft reimbursement insurance, and fully managed identity recovery services for
12 months.
If you have any questions or need additional information, please do not hesitate to contact me at
(213) 358-6067 or via email at [email protected].
Sincerely,

Jason S. Cherry
Lewis Brisbois Bisgaard & Smi