Oh ugh ugh ugh.
In early February, Berkeley County Schools in West Virginia experienced a ransomware attack. On March 3, the district issued a notice on its website that stated their investigation determined "some data stored in Berkeley County Schools’ network may have been accessed that included employee Social Security numbers and direct deposit information."
That notice makes no mention of any student information being involved.
But Vice Society has added Berkeley County Schools to their leak site and has dumped a LOT of personal and sensitive info on students. Some of it goes back years, too.
Read my post at
https://www.databreaches.net/highly-sensitive-files-from-berkeley-county-schools-dumped-by-ransomware-gang/
That district has a LOT of accounting to do, and a lot of changes to their data retention and protection. And of course, FERPA doesn't actually require them to notify the students or families -- only to make notations in their records that the files were disclosed without authorization.
#databreach #ransomware #EduSec #dataprotection #incidentresponse #FERPA #infosec
@douglevin @brett @allan@ioc.exchange @BleepingComputer @AlvieriD