The Dallas Independent School District says they learned of a data breach about a month ago that affects former and current students, alumni, parents, and district employees.
In an FAQ on their website, the district said someone downloaded data from their server and temporarily stored it on an encrypted cloud storage site. The district said the data have since been removed from that site and that there is no evidence it was otherwise accessed, disseminated, or sold but that they cannot be sure the data has not been shared publicly until a forensic analysis is completed.
The district discovered the attack on Aug. 8 and notified law enforcement agencies as they worked to verify what was exposed and how.
The district now confirms data taken includes names, Social Security numbers, phone numbers, addresses, and dates of birth for students, employees, and contractors since 2010. For students, the district said a subset of data was also taken that included parent/guarding contact information, grades, custody status, and medical conditions.
The latest news from around North Texas.
"The confidentiality, privacy, and security of information in our care is one our highest priorities. We take this matter very seriously and have invested significant resources to protect sensitive data. Despite our efforts, the district is now one of a growing number of public and private organizations experiencing cyberattacks."
The DISD said the IT team, assisted by forensic consultants, addressed vulnerabilities they believe were exploited during the attack.
"We regret any inconvenience this incident may have caused and believe it is our responsibility to inform the public that we are taking steps to notify individuals whose records have been impacted," the district said. "We are committed to transparency and will continue to share updates, as they are available. For more information, visit www.dallasisd.org/data."
The district said they will post a hotline number on their website on Sept. 3 that will be operated by Kroll, a leading identity protection technology company hired by the DISD to assist with managing the incident.
"As we determine which information was exposed, we will provide that to Kroll, and you will be able to get those answers by calling the hotline," the DISD said.
The district said they have not been notified of any instance of fraud or identity theft related to the data theft.