Childcare Training Database Breached
Arkansas State University Incident Affects 50,000More than 50,000 individuals who signed up for training as childcare workers in Arkansas had their online registration information breached, including complete or partial Social Security numbers.
See Also: Effective Communication Is Key to Successful Cybersecurity
Arkansas State University has been informed by the Arkansas Department of Human Services of unauthorized access to the childcare training database within the College of Education and Behavioral Science's Department of Childhood Services.
The breach involved a database related to the Traveling Arkansas Professional Pathways Registry, a professional development system designed to track and facilitate training and continuing education for early childhood practitioners in Arkansas, the university says in a statement. The registry tracks more than 6,000 workshops annually to train childcare workers, and participants register online through the registry.
"We have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files," Torres says. "We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation."
Arkansas State and the state's human services department have been working to transfer all data from the university's TAPP IT system to the human services department's system since December 2013. The department is expected to take over the registry in July.
Approximately 50,000 individuals whose information is in the database will be notified of the breach, says Henry Torres, the university's chief information officer. The database contains full Social Security numbers on a subset of the individuals, the university says, although it did not reveal how many. Most of the database tables included only four or five digits of a Social Security number. The statement from the university also says "personally identifiable information" was involved, though it's unclear what exactly was exposed.
The registry program is not part of the main university databases, so no student, faculty or staff records are involved unless they have participated in the TAPP Registry. Computer servers containing the databases were immediately disabled, Torres says, and the university has hired a security consultant who will assist in addressing the issues.
The university did not respond to a request for additional information.