The Prince George’s County Public School System notified employees on Friday evening of a possible security breach involving employees’ personal data.
“Your personal information may have been potentially exposed to others,” Deputy Superintendent Monique W. Davis wrote in anemail. “Please be assured we have taken every step necessary to address the incident, and that we are committed to fully protectingall of the information that you have entrusted to us.”
Davis said a report that contained employees’ social security numbers, birth dates and employee identification numbers was emailed outside of the school system. A spokeswoman for the system said the outside addresses to which the material was sent were the personal addresses of school staff members. Recipients have been contacted, said the spokeswoman, Lynn McCawley.
The school district apologized for incident in a statement released on Friday evening.
“Keeping sensitive employee information confidential and safe is a top priority for the school district,” McCawley said. “We sincerely apologize for the inconvenience and concern this incident has caused to employees, and we are working to ensure this does not happen again.”
McCawley said about 10,000 of the district’s 23,785 employees were affected.
Edmund Harris, a library media specialist at two schools in the county, said he was surprised to receive the email from the district’s human resources department.
“I just couldn’t believe this had happened, especially since it involves the social security numbers,” he said.
Theresa Dudley, a teacher at Benjamin Tasker Middle School, said data breaches have become commonplace, noting the security breaches at Target and Home Depot. She said she believes the school district is doing its best to handle the situation.
“It’s the age we live in,” Dudley said. “This kind of thing is happening more and more.”
But Harris said unlike Target and Home Depot, where millions of customers credit card information was stolen, the school employees’social security numbers were revealed, which could “cause a wider realm of possible mischief.”
School officials said sensitive data was inadvertently included in a routine monthly report that was shared internally by email last Friday.
When school officials became aware of the information, which was emailed to a group of principals, the district instructed its information technology staff to suspend the email accounts while they removed the email from the in-boxes.
During that process, they discovered that some of the information was sent outside the school system, according to Davis’ email to employees.
Davis said in the email that the school district will provide one year of free credit monitoring to anyone who was affected.
The following letter was sent to employees of the Prince George’s County Public School System notifying them of the breach.
Dear PGCPS Team Member:
A few days ago we learned that a report was generated and sent via e-mail to a select group of principals. When we became aware of the issue, the recipients’ PGCPS e-mail account was suspended so Information Technology staff could remove the email from their PGCPS in-boxes.
As part of that work, it was discovered some of the information was disseminated outside of the PGCPS e-mail domain. The report contained your Social Security Number, date of birth and employee identification number (EIN).
As a result, your personal information may have been potentially exposed to others. Please be assured that we have taken every step necessary to address the incident, and that we are committed to fully protecting all of the information that you have entrusted to us.
PGCPS is offering one year of free credit monitoring to all affected persons. Please be sure to look for the information on how to enroll in a notice that will be mailed to your home address in the next business day.
We regret this error and please know that we have taken aggressive steps to ensure an incident of this type does not happen again.
Monique Whittington Davis, Ed.D.