Questions and Answers re
Pearson Data Security Incident
Exactly what happened?
WCSD was notified that one of its contractors, Pearson Clinical Assessment, has suffered a data security incident in an older version of their AIMSweb system.
Information on AIMSweb was accessed by an unauthorized third party. This information includes the first and last names of some students and staff members, and in about half of those cases, the students’ dates of birth.
Some staff members’ email address information was also accessed.
- Notification from Pearson Clinical Assessment
- WCSD News Release
- Letter to families
- How to access free credit monitoring
Whose information was accessed?
This incident impacts 114,000 students enrolled at WCSD between 2001 and 2016, and a small number of staff members.
When did this happen?
November of 2018. WCSD was provided notice on July 24, 2019.
Why are we being notified now?
It is common for an incident like this to not be discovered for many months. Public disclosure may also be delayed while law enforcement conducts investigations into the incident.
What information was accessed?
Students’ first and last names were accessed. In about half of the cases, birthdates were also exposed during this incident. A small number of staff members’ names and email addresses were also exposed, but the contact information is outdated. Further identifying information was not revealed and has not been compromised.
What should I do if I or my children were enrolled during the school years impacted by this event?
Every person must carefully consider their own course of action in all matters of privacy. Pearson is offering access to credit monitoring services for individuals who may be impacted.
How can I tell if my name or birthday was included in the compromised information?
The information is old and not specific enough for the District to identify exactly who has been impacted. We would recommend that all persons who have been enrolled or employed at WCSD between 2001 and 2016 act on the assumption that their information may have been included.
Was the information released a violation of the Family Educational Rights and Privacy Act (FERPA)?
The information in question is considered “directory information,” and WCSD has taken the proactive step of reporting the incident to the Family Policy and Compliance Office, which oversees FERPA. We will continue to work with Pearson Clinical Assessment to establish a complete picture of the incident. Parents and former students have the right to file a complaint with the Family Policy and Compliance Office at:
Family Policy and Compliance Office
400 Maryland Avenue, SW
Washington, DC 20202-4605
Phone: (202) 260-3887
How can I protect my identity online?
Here are a few tips:
- Use up-to-date security software
- Use strong passwords
- Only use reputable websites when making purchases
Also, you're entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Order online from annualcreditreport.com, or call (877) 322-8228. You will need to provide your name, address, Social Security number, and date of birth to verify your identity.
What can parents do to protect Children online?
Run a credit check on your child, using the resources listed above.
Always closely monitor your children’s activities online, and teach them about the risks of engaging with anyone they don’t know.
You may “freeze” or “secure” credit in order to keep an identity thief from establishing a new account in your name or your child’s name. A freeze does not affect your credit score, but it can impact whether you will be approved for a new credit card or a loan.
Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016
What is WCSD’s stance on this event?
At the Washoe County School District, we take very seriously the security of all student, family and staff data. Contracts are closely vetted to ensure the best protections are being taken at all times with all data. Staff are trained to identify, remediate and report on any and all instances of data incidents above and beyond the requirements placed upon us by legislation.