School employee, student information exposed

Personal information belonging to more than 2,600 Prince William County students, employees and volunteers was exposed through an Internet file-sharing program for about five weeks this summer, school division officials said Tuesday.

A school employee was working at home on a personal computer this summer and inadvertently exposed the information while using a file-sharing program, officials said.

The data was posted for about five weeks before “a good Samaritan” security specialist noticed it on Aug. 18 and alerted school officials, school division spokesman Ken Blackstone said.

“We then immediately took steps to secure the date and investigate what exactly was exposed and to notify those affected,” Blackstone said.

According to a school division investigation, no one accessed the data while it was exposed.

“We take this situation very seriously and we are very sorry this happened,” Deputy Superintendent Rae E. Darlington said in a statement. “Fortunately, the School Division’s investigation has produced no evidence to date that this information was actually accessed
by anyone during the period in question, other than the security specialist who first alerted us to its presence.”

The exposed student information included names, address and student identification numbers of 1,625 students who have applied to or attended Porter Traditional School since 2004 or attended Montclair Elementary School before the 2004-2005 school year.

Also exposed were names and social security numbers of 65 school division employees and other confidential information about 257 other
school employees.

The names, address and email address of 736 volunteers at Porter Traditional School were also exposed.

School officials sent letters to all of the people affected and set up a hotline to answer their questions.

Anyone affected should have recieved a letter by today, Blackstone said.

School employees, volunteers and parents who received those letters can call 703-791-8157 between 9 a.m. and 3:30 p.m. Monday through Friday or email pwcsie@pwcs.edu if they have questions.

“The good thing is we know exactly who these folks are and we were able to send them a letter directly. So, people don’t have to ask ‘Was I affected or not?’,” Blackstone said.

Anyone who was not affected by the exposed data but would like to talk to school officials about the incident is asked not to call the hotline, but to email pwcsie@pwcs.edu.