The Frederick County Schools recently reported a hack that compromised 1,000 former students, including dates of birth and social security numbers. In a news release on Sunday, Frederick officials said the data was stolen before 2010 and affected students, who were in attendance during 2005 and 2006.
School officials said they worked with the Maryland attorney general’s office, state education officials and FBI on an “extremely thorough” investigation that was only completed this month. The origins of the attack have not been concluded, because state and county officials cannot reach an agreement and so much time has passed since the breach occurred.
Frederick officials are pointing at the Maryland State Department of Education system (MSDE) as the source, but state officials are denying the claim. During the news release, Frederick school officials said that the MSDE determined its system was attacked and have taken the necessary steps to enhance the security of its system.
A spokesman for the MSDE, William Reinhard said, “runs counter to the facts.” He went on to say that there is no evident that the breach occurred at the Maryland State Department of Education or, more specifically, that the State Data systems were breached. A forensic investigation led by the Department of Homeland Security could not determine the real source. There was also no evidence found to prove a breach of the state system.
A post was discovered on an online forum called “Dark Stuff”. The post was created in 2012 and is still visible, offering 20,000 SSNs, along with a free sample of 1,000 names and SSNs from Frederick County Schools.
“We have been taking — and will continue to take — aggressive action on behalf of those affected,” Frederick school officials said. “We are working to have compromised data removed from websites where it may appear.”
The victims are being offered one-year of free credit monitoring and resorting services from Kroll, an online security firm.