School district contains internal security breach

By: Cari DeLamielleure-Scott | West Bloomfield Beacon | Published March 23, 2016

Shutterstock image


WEST BLOOMFIELD — Passwords for West Bloomfield student Google accounts were reset after the West Bloomfield School District learned of an internal security breach that impacted a network-stored file containing student information. 

The file involved in the breach included the following student information: Google account usernames and passwords; first, middle and last names; student identification numbers; and students’ grade levels, graduation years, school names and birthdates. 

Pam Zajac, public relations and marketing coordinator for the district, said the information is common knowledge and there is “nothing to worry about.” 

The district learned about the breach the morning of March 9, and the issue was addressed and resolved within 45 minutes that same morning, Zajac said in an email. All student passwords were changed, and the new ones went into effect March 11. Parents were notified of the breach March 10. 

Student accounts and passwords were originally assigned by the district, and the accounts are only used for school activities, Zajac said in her email. 

The district’s information technology department researched the breach and determined that it was not widespread, according to a letter sent from Alesia Flye, deputy superintendent of curriculum and instruction.

“While doing other work, students noticed the Google student account password folder and reported it to administrators and subsequently to parents,” Flye said in the letter. “The IT department has determined that this file was a result of a virus on our network. During the restoration process, the file was inadvertently placed in the wrong location. We commend the students for reporting this to administrators and parents.”

Three students found the folder on their Google Chromebooks and reported it. 

Flye stressed that the breach did not include a student records file, but instead a student Google account password file.

While performing a search of all content associated with the file on both the West Bloomfield file server and the Google Drive accounts of all students and staff, the IT department found three instances where the file was located, which matched the three students’ findings. All were deleted by Oakland Schools Network Operations, according to Flye. Oakland Schools Network Operations investigated the best route to control the breach, and new passwords were given to the students.

“The privacy of student information is of utmost importance to the West Bloomfield School District. We will continue to monitor this situation and provide support for all students,” Flye said.