This message is intended to provide additional information about the recent data security incident, our response, and the steps you may take to protect against possible misuse of your personal information, should you feel it appropriate to do so.
To date, we have not received any indication that your information or student information was misused by an unauthorized individual. Rather, we are providing this notice out of an abundance of caution since our investigation revealed that an unknown actor gained access to our network data.
The Data Incident
As
we shared in March, as soon as we became aware of the possible data incident, we immediately engaged cybersecurity professionals, outside legal counsel, and other state and federal officials to investigate, secure personal information, and protect our network from further compromise.
The investigation revealed that a malicious actor gained access to HCPS network data and attempted to deploy ransomware to encrypt portions of the network.
The malicious actor’s network access was terminated soon after it was detected.
Please note that it is possible that, during the malicious actor’s limited window of access to our network, your personally identifiable information may have been viewed or accessed, but only to the extent your personal information was provided to HCPS. This information may include your full name or first initial and last name combined with your Social Security number, financial account information, driver’s license number, or other government-issued identification. However, we recognize that this information may not have necessarily been shared with HCPS.
Again, we have not received any indication that your information or student information was misused by an unauthorized individual. This information is being shared out of an abundance of caution.
Our Response
We take the confidentiality, privacy, and security of information in our care seriously. Accordingly, upon discovering the incident, cybersecurity professionals were immediately engaged and began an investigation to determine the nature and scope of the incident. Additionally, we reported the incident to the Federal Bureau of Investigation (FBI) Cyber Division and the Virginia Fusion Center and are committed to fully cooperating with law enforcement.
While the investigation remains ongoing, we are taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security.
HCPS has implemented additional security measures designed to further protect the privacy of our students, families, and staff. Among other things, we have engaged a leading security service provider to help restore and improve our network, review our system’s architecture, and implement stronger procedures to prevent future attacks.
Steps You Can Take
While, again, we have not received any indication that personal information has been misused, we encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity. We also encourage you to review
the “Steps You Can Take to Help Protect Your Information” document for additional guidance.
We understand that you may have some questions about this incident. Should you have additional questions, please call Experian at 833-918-5811 Monday - Friday, 8 am - 8 pm Central Time (excluding major U.S. holidays). Be prepared to provide engagement number B163745.
Thank you for your continued support, patience, and understanding as we have worked to respond to this incident and restore our network.
Hanover County Public Schools