School vendor's database hacked

Staples High School on Wednesday July 25, 2018 in Westport Conn.

Staples High School on Wednesday July 25, 2018 in Westport Conn.

Alex von Kleydorff / Hearst Connecticut Media

WESTPORT — A vendor for the Westport school system has informed school authorities its database has been hacked.

An email sent Thursday from Interim Superintendent David Abbey and Director of Technology Natalie Carrigan to parents followed up on communication of the incident sent Wednesday.

According to the email, schools were notified on Monday by Pearson Clinical Assessment, which Westport and many other districts use for “assessment services,” that a breach occurred around Nov. 30 and that the FBI alerted the company in mid-March.

“It was determined that the intrusion into the Aimsweb 1.0 product occurred through a vulnerability in a third party software,” the email said. “At the conclusion of the investigation, Pearson was given the clearance to alert their customers of the breach.”

The district was then informed that the incident affected 5,074 students’ “directory information.”

“To help clarify, the ‘directory information’ was limited to first name, last name, and date of birth,” the email said.

The email explained the incident was a national breach that affected more than 13,000 schools and universities. It added Pearson was providing credit monitoring services to students at no cost and outlined how students can sign up for the services.

“We would like to reiterate that we take the privacy of student information very seriously and expect our vendors to do the same,” the email said.

A FAQ will be posted on Westport schools’ website in the next day to address parents’ questions, the notice concluded.

Scott Overland, director of media relations for Pearson, said protecting customers’ information is of critical importance to the company.

“We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability,” Overland said. “While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure.”