Munster student gained access to school network – Chicago Tribune
Munster student gained access to school network
By Carole Carlson
Post-Tribune
•
Dec 14, 2022 at 6:00 pm
Expand
School Town of Munster parents learned recently a student gained access to an administrative file back in April and copied privacy information.
Superintendent Bret Heller told parents it was discovered Oct. 26 after officials noticed an administrative file in an unexpected location. Through an investigation, officials found a student gained access and copied the administrative file from a food services system.
“We further learned that the administrative file may have also been shared with other members of the school community,” Heller said in the letter.
According to a frequently asked questions section on the school district’s web site, the investigation revealed that a student used a command line interpreter application on their device to manually seek out various hosts on the network, and during that process, the student came across the food services system and discovered that the system was open, thereafter proceeded to navigate to and see data stored on the system that is used verify student lunch account balances and eligibility for lunch programs. The district said that the system had been temporarily configured in a way that did not block such access for troubleshooting purposes, but since being made aware of the data breach, immediately took steps to confirm that this issue was properly remediated.
Ad ChoicesHOTEL RIU TIKIDA DUNASSPONSORED CONTENT
HOTEL RIU TIKIDA DUNAS
Hotel Riu Tikida Dunas
By RIU
Parents of students, whose information may have been exposed, received a letter from the district Dec. 6. Their students also received a one-year complimentary enrollment in an identity protection service through IDX, a privacy protection platform.
The incident impacted students enrolled during the 2021-22 school year.
Heller said the district was working with the students involved, and their parents, to confirm all copies of the administrative file have been deleted and none of the information has been retained.
“We want to emphasize that we are taking this situation extremely seriously,” Heller said. “We are committed to the protection of all information in our possession, and have implemented additional technical and administrative controls to protect student information,” Heller said.
Heller said the misuse of district network resources was a serious violation of the Student Code of Conduct and would be treated with appropriate disciplinary actions.
Parents whose students’ data was accessed were told the administrative file included student names, Social Security numbers, birth data, student identification, address and parents’ names and email addresses.
Officials recommended parents enroll their child in the complimentary IDX protection program and review statements from their accounts closely and take other security measures.
The Munster incident came to light a few weeks after the Crown Point Community School Corp. suffered a network outage that prompted officials to cancel school for one day on Nov. 28.
Crown Point parents and staff members were told an investigation in the case could take weeks and they should monitor financial statements and credit card reports for suspicious and unauthorized activity.
Crown Point police said last week it hadn’t been contacted by the district.
By Carole Carlson
Post-Tribune
•
Dec 14, 2022 at 6:00 pm
Expand
School Town of Munster parents learned recently a student gained access to an administrative file back in April and copied privacy information.
Superintendent Bret Heller told parents it was discovered Oct. 26 after officials noticed an administrative file in an unexpected location. Through an investigation, officials found a student gained access and copied the administrative file from a food services system.
“We further learned that the administrative file may have also been shared with other members of the school community,” Heller said in the letter.
According to a frequently asked questions section on the school district’s web site, the investigation revealed that a student used a command line interpreter application on their device to manually seek out various hosts on the network, and during that process, the student came across the food services system and discovered that the system was open, thereafter proceeded to navigate to and see data stored on the system that is used verify student lunch account balances and eligibility for lunch programs. The district said that the system had been temporarily configured in a way that did not block such access for troubleshooting purposes, but since being made aware of the data breach, immediately took steps to confirm that this issue was properly remediated.
Ad ChoicesHOTEL RIU TIKIDA DUNASSPONSORED CONTENT
HOTEL RIU TIKIDA DUNAS
Hotel Riu Tikida Dunas
By RIU
Parents of students, whose information may have been exposed, received a letter from the district Dec. 6. Their students also received a one-year complimentary enrollment in an identity protection service through IDX, a privacy protection platform.
The incident impacted students enrolled during the 2021-22 school year.
Heller said the district was working with the students involved, and their parents, to confirm all copies of the administrative file have been deleted and none of the information has been retained.
“We want to emphasize that we are taking this situation extremely seriously,” Heller said. “We are committed to the protection of all information in our possession, and have implemented additional technical and administrative controls to protect student information,” Heller said.
Heller said the misuse of district network resources was a serious violation of the Student Code of Conduct and would be treated with appropriate disciplinary actions.
Parents whose students’ data was accessed were told the administrative file included student names, Social Security numbers, birth data, student identification, address and parents’ names and email addresses.
Officials recommended parents enroll their child in the complimentary IDX protection program and review statements from their accounts closely and take other security measures.
The Munster incident came to light a few weeks after the Crown Point Community School Corp. suffered a network outage that prompted officials to cancel school for one day on Nov. 28.
Crown Point parents and staff members were told an investigation in the case could take weeks and they should monitor financial statements and credit card reports for suspicious and unauthorized activity.
Crown Point police said last week it hadn’t been contacted by the district.
