-
Data Security Update
-
UPDATE: January 2022
As part of our ongoing efforts to continue improvements of the district’s IT infrastructure, Dallas ISD’s two-factor authentication feature is now in effect. Employees are reminded to register and setup through Duo to access all district systems whether inside or outside of the network. To learn more about Duo visit here.
Information on 鶹data security incident
The Dallas Independent School District recently received notice of a data security incident involving the district’s electronic records that may affect former and current students, alumni, parents, and district employees.
The confidentiality, privacy, and security of information in our care is one our highest priorities. We take this matter very seriously and have invested significant resources to protect sensitive data. Despite our efforts, the district is now one of a growing number of public and private organizations experiencing cyberattacks.
Federal law enforcement authorities have been contacted. At this time, it appears the affected information has been contained and that none of it has been shared or sold. However, we cannot be 100 percent certain until additional forensic analysis is completed.
The district’s IT team, assisted by forensic consultants, has addressed specific vulnerabilities that were exploited during this event and will continue efforts to augment security going forward.
We regret any inconvenience this incident may have caused and believe it is our responsibility to inform the public that we are taking steps to notify individuals whose records have been impacted.
We are committed to transparency and will continue to share updates with you, as they are available. Please check back on this website for the latest information.
Frequently Asked Questions
-
What happened?
On August 8, 2021, 鶹became aware of a data security incident involving certain student, parent, and employee data. The district invests significantly in cybersecurity resources to protect the confidentiality and integrity of your personal information. Unfortunately, the district is now one of an ever-growing number of public and private sector entities impacted by this type of cyber event. 鶹immediately deployed a team of our internal cybersecurity experts and external forensic consultants to investigate the incident, limit dissemination of the data, and implement additional security measures.
-
Was any data taken during the incident?
An unauthorized third party accessed the district’s network, downloaded data, and temporarily stored it on an encrypted cloud storage site. The data have since been removed from the site. To date, our cybersecurity experts have found no evidence indicating the data was otherwise accessed, disseminated, or sold. However, we cannot be 100% sure until our ongoing investigation is complete.
-
What types of data were exposed during this incident?
Student and employee data that we are required by law to maintain was exposed. At this time, we believe that the unauthorized third party accessed the following categories of data:
- Some current and former employees/contractors: first and last name, address, phone number, social security number, date of birth, dates of employment, salary information, and reason for ending employment.
- Some current and former students: first and last name, social security number, date of birth, parent/guardian contact information, and grades. For a subset of students, custody status and/or medical condition was also exposed.
-
Was my information exposed during this incident?
If you were a 鶹student, employee, or contractor between 2010 and the present, the above-referenced categories of data likely were exposed. We are continuing to investigate which data were exposed for each person.
-
Is law enforcement investigating this incident?
Law enforcement has been notified. We cannot comment further on law enforcement involvement at this time.
-
Why did it take so long to notify me?
From the moment 鶹became aware of this incident, an investigation was immediately launched to identify what information was exposed, and how. The district also took important steps to limit the dissemination of the data and arranged to provide all affected individuals with free credit monitoring and identity restoration services through Kroll, a third party credit monitoring service.
-
What is the district doing to prevent similar events from happening in the future?
The district is conducting a comprehensive review of its systems and implementing additional security measures. We are confident these changes will decrease the possibility of a future incident.
-
How do I receive updates on this incident?
Updates will be posted on the district’s website at .
-
Has anyone experienced fraud or theft as a result of this incident?
The district has not received any reports of related identity theft or fraud, but are continuing to investigate, along with proper authorities.