Data Security Incident 9/15/23
This notification informs you of a data security incident in the Harrison Central School District. On Tuesday, September 19, 2023, the Department of Homeland Security contacted the District to report suspicious activity in the school district computer network. The District engaged computer forensic experts to investigate. We have taken all recommended measures to address this incident and secure the network.
On September 15, 2023, unauthorized individual(s) associated with a known network of computer hackers breached the security measures protecting four of the District’s computer network servers. These four servers were in the process of being deactivated as a part of the District’s recent security upgrades. Three of the four computer servers contained no student or employee information; the fourth server contained student demographic information associated with the District’s library system. This server's student demographic information included student names, addresses, dates of birth, parent names, phone numbers, and student school district ID numbers for students who attended Harrison schools during the 2014-15, 2015-16, and 2017-18 school years. None of the four computer servers in this incident contained student educational records, test scores, confidential health information, or social security numbers (the District does not collect or store social security numbers for any students).
The student directory information that may have been accessed (i.e., student names, addresses, dates of birth, parent names, phone numbers, and student school district ID numbers) does not include more sensitive information associated with identity theft. According to the forensic analysis conducted so far, the files from the District’s library system server with student demographic information were not opened, but it is possible this information may have been copied or exported.
The District is partnering with the Department of Homeland Security and other computer safety experts to investigate this incident thoroughly. The preliminary forensic analysis indicates that only the four servers were affected by this breach; the rest of our network was unaffected.
Acting on expert advice, the District has further strengthened the safeguards to protect and encrypt student and employee data from unauthorized access. The District considers the security and privacy of students, families, and employees paramount.
If this investigation produces any other relevant information, the District will share it with parents, faculty, and staff.
If you have any questions, please email the District Data Privacy Officer at dataprivacy@harrisoncsd.org.