Cleveland Metropolitan School District, Notice of Data Privacy Event

CLEVELAND, April 20, 2017 /PRNewswire/ -- Cleveland Metropolitan School District, ("CMSD"), recently discovered an event that that may affect the security of personal and financial information of a select group of employees, students, their guardians, and/or other affiliates of CMSD.

What Happened?  On March 6, 2017, CMSD determined that certain categories of employee, student, and/or guardian information contained in a limited number of CMSD employee email accounts may have been accessed by an unknown and unauthorized individual. By way of background, on January 13, 2017, CMSD received information that suspicious IP addresses had been detected accessing the CMSD computer network. Further investigation revealed that spoofed emails were sent to district employees directing them to click on a fraudulent link and enter their CMSD credentials.

CMSD learned that after employees entered their credentials, unknown and unauthorized actor[s] used those credentials to access affected employees' CMSD email accounts or other electronic information. After hiring an outside computer forensics expert and conducting a comprehensive forensic investigation, CMSD was able to identify the individuals whose information was contained in the affected employees' email accounts.

What Information Was Involved?  On March 6, 2017, CMSD determined that the following categories of employee, student, and/or guardian information were contained in one or more of the affected CMSD email accounts and may have been accessible to the unauthorized actor[s]: name, Social Security number, driver's license number, medical record number, and/or medical history. Please note, that CMSD is not aware of any attempted or actual misuse of the personal information contained in the email accounts.

What We Are Doing.  We take this incident, and the security of information in our care, very seriously at CMSD.  Since the original incident occurred on January 13, we have been diligently investigating, with the assistance of third-party forensic experts, and have taken steps to further enhance the security of our systems to better protect against future incidents of this kind. In addition, we are mailing written notice of this incident to all potentially impacted individuals for whom we have contact information, along with the same information contained below, entitled "Steps You Can Take to Protect Against Identity Theft and Fraud." We are also reporting this incident to the U.S. Department of Health and Human Services and posting notice of this incident on our website at www.clevelandmetroschools.org.

What You Can Do.  CMSD is encouraging employees, students, and their guardians who believe they may be affected as a result of this incident to review the below "Steps You Can Take to Protect Against Identity Theft and Fraud," and to call our confidential toll-free hotline at 888-752-4096, Monday through Friday, 9:00 a.m. to 9:00 p.m., E.D.T. or visit online at www.clevelandmetroschools.org. 

CMSD sincerely regrets any inconvenience or concern this incident has caused.  Below are "Steps You Can Take to Protect against Identity Theft and Fraud," should you have concerns regarding the security of your protected health information or personal information.

Steps You Can Take to Protect Against Identity Theft and Fraud

We encourage everyone to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity.  Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of your credit report.

At no charge, you can also have these credit bureaus place a "fraud alert" on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name.  Note, however, that because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the agency verifies your identity.  As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file.  Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

You may also place a security freeze on your credit reports.  A security freeze prohibits a credit bureau from releasing any information from a consumer's credit report without the consumer's written authorization.  However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services.  If you have been a victim of identity theft, and you provide the credit bureau with a valid police report, it cannot charge you to place, lift or remove a security freeze.  In all other cases, a credit bureau may charge you a fee to place, temporarily lift, or permanently remove a security freeze.  You will need to place a security freeze separately with each of the three major credit bureaus listed above if you wish to place a freeze on all of your credit files.  To find out more on how to place a security freeze, you can use the following contact information:

Although we have no reason to believe that your personal information has been used to file fraudulent tax returns, you can contact the IRS at https://www.irs.gov/Individuals/Identity-Protection for helpful information and guidance on steps you can take to address a fraudulent tax return filed in your name and what to do if you become the victim of such fraud.  You can also visit https://www.irs.gov/uac/Taxpayer-Guide-to-Identity-Theft for more information.

You can further educate yourself regarding identity theft, fraud alerts, and the steps you can take to protect yourself, by contacting the Federal Trade Commission or your state Attorney General. The Federal Trade Commission's fraud website is www.identitytheft.gov.

The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.  The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.  You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud.  Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide some kind of proof that you have been a victim.  Instances of known or suspected identity theft should also be reported to law enforcement.  This notice has not been delayed by law enforcement.      

To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/cleveland-metropolitan-school-district-notice-of-data-privacy-event-300443108.html

SOURCE Cleveland Metropolitan School District

[ Back To TMCnet.com's Homepage ]