14 DAY TRIAL // Five vendors seeking to do business with the Chicago school district were delivered real personal data of 4,000 students for testing software intended for more efficient management of the district’s bus system.
Since the purpose of the data set required by the vendors was to check how their software solutions would fair, Chicago Public Schools (CPS) could have provided a random list of addresses or withhold certain details about the students.
Some information could have been withheld
However, the info received by the vendors included not only home addresses but names, phone numbers and disability status, too. Pick up and drop off locations were also included; no social security numbers were leaked.
As soon as the privacy blunder was acknowledged, CPS took steps to remedy the problem and contacted the vendors with a request to destroy the received data.
Chief Accountability Officer John Barker wrote in a letter to the parents that all the companies complied and confirmed that the information was destroyed responsibly.
Staff to be trained for safeguarding student data
The total number of student relying on CPS transportation is 22,500, according to Catalyst Chicago news outlet.
Despite having solved the problem, a data breach still occurred and could have had damaging consequences. To make sure that such an incident is not repeated, the District started staff training programs for safeguarding student information.
“CPS takes student privacy very seriously and we deeply regret these circumstances,” officials said in a statement to the news website. “To prevent future unauthorized disclosures, the District is training staff members on student information safeguards and the importance of maintaining student privacy,” officials added.
Hopefully, training will include sessions for spotting phishing attempts, which could lead to leaking sensitive data into the hands of cybercriminals, who can use it for online scams.