EUGENE, Ore. -- Hackers breached the security of a computer server containing the names, phone numbers and employee ID numbers of current and former Eugene School District employees, the district said Tuesday.
Breach involved information from up to 26,000 people and vendors
Q: How many people were affected by the security breach?
Q: How many people's information was on the networked servers?
The networked servers also contained information about approximately 13,000 vendors.
Q: Was student information compromised?
Source: Eugene School District 4J
The server in question did not contain other personal information but was attached to servers that contain Social Security numbers and other sensitive data, the district said.
"Although unlikely, it is possible that the individuals responsible may have accessed names, addresses, dates of birth, Social Security numbers, tax identification numbers and direct-deposit bank account information for current and former staff members," the district said in a press release.
The district said it is in the process of notifying current and former employees and vendors about the cyber attack.
"There is no indication that sensitive personal information was accessed," the district said, "but because the possibility cannot be ruled out at this time, the district is sharing information about the breach and about steps that potentially affected individuals can take to protect against misuse of their personal information."
The district's computing staff recently noticed unusual activity on a department's server and immediately shut down the server as a precaution, the district said.
"Our initial analysis indicates that the activity was likely an attempt to strike at an outside server, using 4J’s server for what is known as a 'denial-of-service attack,'" the district said.
"In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services," according to the U.S. Computer Emergency Readiness Team. "By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer."
The school district server contained a list of Eugene School District 4J employee names, home phone numbers and district employee identification numbers, but did not contain other personal information. The server was connected to other servers that do contain personal information, and while there are safeguards protecting these servers and the district has no indications that they were accessed, district officials could not rule out the possibility that they may have been compromised.
"A thorough investigation of the security breach has been initiated, police have been notified, and the district has taken measures to further safeguard the involved server," the district said. "We are continuing to assess our information security systems to make certain that we have all appropriate measures in place to ensure that personal information is secure. We sincerely regret any inconvenience this may cause to our staff and vendors."
For more information, please visit www.4j.lane.edu/databreach. Current and former 4J staff and vendors who may be affected and who have questions can send email to email@example.com or call (541) 790-7730.