Sep 10, 2015 - This incident is isolated to a single staff computer at North Oldham High School. The breach involved a p
Continuing the Tradition of Excellence
Dear North Oldham High School student: We are contacting you because we have learned of a data security incident that occurred on Sept. 10, 2015, that may have involved some of your personal information. We do not have evidence at this time that personal information was accessed but we also cannot say definitively that it was not. This incident is isolated to a single staff computer at North Oldham High School. The breach involved a phising scheme that allowed access to a nutrition services computer, on which a database is stored containing approximately 2,800 NOHS student records, including records of past students. The database contained student names, dates of birth and social security numbers. Information regarding credit cards and contact information is not part of this database. Since discovering the possible breach, our school and district staff have worked closely with the Kentucky Department of Education as well as the supplier of the software involved. We are notifying you so you can be alert to possible misuse of your information. We have advised the three major U.S. credit reporting agencies about this incident and have given those agencies a general report alerting them that the incident occurred. However, we have not provided them personal information of anyone potentially affected by the breach. On the reverse side of this letter, we have included information explaining actions you can take to minimize or eliminate potential harm. We believe any incident of this type is serious and we strongly encourage you to review this information. We remind you that while it is possible this data was accessed, we do not have evidence that the security breach reached the records in the database. If you have further questions, please contact us via a dedicated email address,
[email protected], or by calling our Chief Operations Officer Dorenda Neihof at 502-241-3500. Please know we are completing a review of systems and procedures and making changes to better protect sensitive data in the future. Sincerely,
Rick McHargue Interim Superintendent Oldham County Schools
6165 W. Hwy. 146, Crestwood, Ky. 40014 | 502-241-3500 | Fax 502-241-3209 | www.oldham.kyschools.us
Recommendations for Protecting Your Identity • Submit a complaint with the Federal Trade Commission — you can find “data breach” under the identity theft section of the FTC Complaint Assistant at https://www.ftc.gov/complaint, or call 1-877-ID-THEFT (1877-438-4338). • Closely monitor any financial accounts held in your name. You can also obtain a free credit report from the three credit agencies by logging on to www.annualcreditreport.com (this is the official site provided by federal law to provide a free credit report on an annual basis). Even if you do not find any suspicious activity initially, the FTC recommends you review your credit reports periodically. • Kentucky law allows you to place a security freeze on credit files. By placing a freeze, someone who fraudulently acquires your personal identifying information will not be able to use that information to open new accounts or borrow money in your name. However, if you place a freeze, you will not be able to borrow money, obtain instant credit, or get a new credit card until you temporarily lift or permanently remove the freeze. To place a freeze, you will need to contact the three U.S. credit reporting agencies. The cost of placing the freeze is no more than $10 for each credit reporting agency for a total of $30. However, if you have filed a complaint with the FTC, there may be no charge. The three credit reporting agencies are Equifax, TransUnion and Experian. • For more information, see the website for the Kentucky Office of the Attorney General, Consumer Protection Services, at http://ag.ky.gov/civil/consumerprotection and click on “ID theft.”