East Burke High School Posts 163 Teacher, Bus Driver SSNs OnlineFOR IMMEDIATE RELEASE: September 4, 2008
Media Contact: Aaron Titus
CONNELLY SPRINGS, North Carolina. In August 2003, several files used to prepare the 2003-2004 East Burke High School Student Directory were placed on the school's website, and forgotten for more than five years. One of those files contained sensitive employee information including names, social security numbers, addresses, phone numbers, job titles, e-mail addresses, and a few unlisted phone numbers. In total, the file contains personal information for 163 staff (teachers, bus drivers, custodians, and others) who then worked at East Burke High.
The Liberty Coalition notified the school district of the breach on August 27, 2008. School officials removed the file within 20 minutes, and worked to clear search engines caches. The Liberty Coalition worked directly with Superintendent David Burleson to address the breach. We made the following recommendations to the district:
- Though Burke County Schools must keep all employees' social security numbers on file for tax and other purposes, the district should replace social security numbers with new employee numbers to minimize the number of staff with access to employees' social security numbers.
- Burke County Schools should perform a thorough review of which employees currently have access to sensitive staff and student personal information, and identify those who do not need full access.
- The school district should also begin mandatory staff training on privacy, and proper handling of personal information.
- The school district should contract with an identity theft protection company to provide free credit protection services to victims.
- The school district should also perform a complete scan of their servers in the next month, to confirm that no other personal information is at risk.
Individuals affected by this exposure should immediately visit www.nationalidwatch.org and search for their names, to confirm what types of personal information were exposed. NationalIDWatch.org has a list of recommended steps victims should take.
National ID Watch is a search engine for personal information breaches. Sponsored by the Washington, DC non-profit Liberty Coalition, NationalIDWatch.org provides more than a million free personalized Identity Exposure Reports™ as a public service.
Each Identity Exposure Report (IXR) documents what types of personal information were exposed (such as Social Security Numbers, Birth Dates, Addresses, etc.), without revealing them. Each IXR also details the situation surrounding each exposure, and contact information of those responsible for the breach. Armed with this information, victims can further investigate, take action, or correct harm.