News

Actions

Nampa School District investigating cyber security breach

Nampa School District investigating cyber security breach
Posted
and last updated

The Nampa School District Thursday informed its employees of a potential security issue involving personally identifiable information. 

“The district discovered an individual had gained unauthorized access to a school district e-mail account, which contained information about 3,983 of its current and past employees,” said Nampa School District spokeswoman Kathleen Tuck. “The breach was secured within a couple of hours of log-in. Upon investigation, the district learned the account had been accessed from outside the country. It affected a single e-mail user and was not a system-wide incident.” 

The district has been working with a team of investigators from Navigant, an independent cybersecurity investigation firm, to determine what information may have been accessed, Tuck explained. “The information stored in the affected e-mail account includes certain individuals’ names, Social Security numbers, birth dates, and/or financial account information.” 

“While we sincerely believe that no personal data has been compromised in this incident, the district is erring on the side of caution by notifying all current and past employees whose personal information may have been viewed or copied in connection with that account. A letter has been sent to everyone affected,” she said.

The district took steps to address the incident as soon as it was discovered, including initiating an internal investigation and retaining Navigant to assist in the investigation of and response to this incident. “Additionally, NSD has enabled Data Loss Prevention in Office 365, which detects the transmission of sensitive personal data; has updated its retention policy for district emails; is initiating new password requirements; and has required some users to utilize multi-factor authentication. The district also has new cybersecurity awareness training requirements that will be sent to all employees,” Tuck stated.

Employees whose information was included in this account will receive one year of complimentary identity protection services.