Security Breach Information

A forensic analysis has been completed in the breach of a 4J server around the turn of the year. There are no indications that any bank account information, vendor information, or former employees' identity information was accessed. However, it is possible that current employees' personal identity information was compromised.

What Happened?

In early January 2010, during an assessment of recent computer network activity, Eugene School District 4J identified that a server's security had been breached and quickly took steps to notify those whose information might have been exposed.

A computer forensic analysis was then performed to gather more information about what might have been compromised. While the district still cannot know for certain whether any personal information was accessed, the analyst’s efforts have narrowed down the possibilities of what might have been exposed in the cyber attack.

Who/What Is Affected?

The breached server did not contain sensitive employee information, and no sensitive information was being transmitted to or from the server around the time that staff noticed unusual activity and shut down the server. However, current employees’ names, addresses, phone numbers, dates of birth, and social security numbers are sometimes transmitted through that server.

The forensic analyst found indications that a piece of malicious software called a “sniffer” (or “packet analyzer”) might have been installed to capture any data that passed through the breached server and send it to an off-site computer. The analyst was unable to establish when the possible sniffer software might have been installed — if it was around the same time or shortly before the unusual activity was noted, no private information should have been compromised, but if it was there for longer, current 4J employees’ personal identity information might have been exposed.

Who/What Is Not Affected?

Because the possibility that connected servers were breached could not initially be ruled out, 4J sent notification letters to about 13,000 current and former employees. Later forensic analysis found no indications that the connected servers — and the bank account information, vendor data and former employee data they contain — were accessed.

Employees' bank account information: The forensic analysis found no indication of any attempt to access servers beyond the one that we know was breached. Thus, we have no reason to think that employee bank account numbers could have been compromised, as had initially been a concern.

Former employees' data: Past employees who worked for 4J after July 1, 1991, were notified of the breach, but later forensic analysis found no indication of any attempt to access servers that contained former employees' information. 

Vendor information: Forensic analysis also found no indications that vendors’ information was compromised.

Student data: Student information is stored separately from employee and vendor data, and the district did not ever have any reason to think that student data might have been compromised.

What Can I Do?

There are specific steps you can take to protect yourself from the possibility of identity theft or other misuse of your personal information. The Federal Trade Commission suggests steps you can take to protect your financial accounts, protect against fraud, monitor for fraudulent activity, and report suspected fraud — please see below.

What Is 4J Doing?

We sincerely regret the inconvenience this may have caused to our employees. The district has taken measures to further protect the involved server, undertaken a thorough investigation of the security breach, and notified police of the cyber attack. We remain committed to safeguarding the privacy of personal information by continually upgrading systems and practices to enhance the security of sensitive information. 

What To Do If Your Personal Information Has Been Compromised

It is possible that current 4J employees' information might have been compromised in this cyber attack. The Federal Trade Commission (FTC) has provided specific steps you can take to protect yourself from the possibility of identity theft or other misuse of your personal information when there is a possibility that an unauthorized person has obtained your information.

Protect Against Fraud: When accessed information may have included your social security number, as in this case, the FTC recommends that you call one of the three nationwide consumer reporting companies to place a free 90-day fraud alert on your credit reports — you only need to call one of the companies, which will alert the other two. This alert can help stop someone from opening new credit accounts in your name.

Equifax: 1-800-525-6285
Experian: 1-888-EXPERIAN (397-3742)
TransUnion: 1-800-680-7289

Call at any time, 24 hours a day, and phone prompts will guide you through the process to place an initial 90-day fraud alert on your account, free of charge. You may issue consecutive 90-day alerts, if you want to continue for longer.

Monitor For Fraudulent Activity: When you place this alert on your credit report with one nationwide consumer reporting company, you’ll get information about ordering one free credit report from each of the companies. The FTC says it is prudent to wait about a month after your information may have been stolen before you order your report, since suspicious activity may not show up right away. Once you get your reports, review them for suspicious activity, such as inquiries from companies you did not contact, accounts you did not open and debits on your accounts that you cannot explain. Check that the information — including your Social Security number, address(es), name or initials, and employers — is correct.

Report Suspected Fraud: Finally, if you find any suspicious activity on your credit reports, call your local law enforcement agency immediately.

Learn More: For more information about how to prevent identity theft, please see http://www.ftc.gov/idtheft.