Edmonds School District investigating possible data breach involving students, staff and parents

The Edmonds School District — which has been without internet access since Jan. 31 — reported Friday afternoon that is is investigating a data breach that may affect the district’s students, staff and parents.

Information may include — but is not limited to — name, Social Security number, driver’s license number, date of birth, student identification number, financial account information, medical information, and student records, the district said.

In an announcement posted on the district website Friday, the district said it “recently discovered an incident that may have impacted the privacy of information related to certain students, staff and parents. While Edmonds is unaware of any actual or attempted misuse of information in relation to the incident, it is providing potentially affected individuals with information about the incident and steps individuals may take to help protect against the possible misuse of your information,” the district said.

The district announced Jan. 31 that it had identified “suspicious activity” and disabled all internet access.

In its Friday announcement, the district said it launched an investigation — still ongoing — “to determine the nature and scope of the activity.”  The investigation, being conducted with assistance of third-party forensic specialists, “determined that an unauthorized actor had the ability to view and acquire certain information stored on the network,” which occurred between Jan. 16 and Jan. 31.

“Therefore, Edmonds is undertaking a comprehensive review of the data at risk to assess if any sensitive information could be affected and to whom it relates,” the announcement said. “While this review is still ongoing, Edmonds wanted to inform potentially affected individuals as soon as possible so that they could take affirmative steps to protect their information should they deem it appropriate to do so,” the announcement continued.

The district said it is in the process of reviewing the data determined to be at risk and generating a list of potentially impacted individuals. Once this review is complete, the district plans to mail notification letters to individuals whose protected information could have been impacted.

The Friday announcement did not say when internet access would be restored.

The district said it encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring  credit reports for any unauthorized or suspicious activity.

Anyone with questions about the incident should call 425-431-7000, Monday through Friday from 8 a.m. to 4:30 p.m. If you call outside the hours listed, leave a message and someone will return your call as soon as possible. You may also write to the district at 20420 68th Ave. W., Lynnwood, WA 98036.

Steps you can take to help protect personal information:

Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.

Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert,  contact any one of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you will need to provide the following information:

  1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. Addresses for the prior two to five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.); and
  7. A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.

Should you wish to place a fraud alert or credit freeze, please contact the three (3) major credit reporting bureaus listed below:

Equifax Experian TransUnion
https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-800-916-8800
Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094

The largest school district in Snohomish County, the Edmonds School District has nearly 21,000 students and 2,100 teachers. It serves the communities of Brier, Edmonds, Lynnwood, Mountlake Terrace, Woodway and portions of unincorporated Snohomish County.

  1. Shouldn’t the district provide like other companies have free credit protection services? I can remember getting a years worth of free service.

  2. This should be deeply concerning for every past and present staff member, student, or ESD family. How will the district reach out to families that have long since left the area, or staff that have moved, or kids who have transferred?

    Until we know the specific scope, myedmondsnews should be holding the ESD’s feet to the fire!

  3. Thank you to the district, staff is working tirelessly (and sub-contractors) on this and keeping all current students and families updated almost daily. What is most relevant at the moment is that students do not have any access to their district computers, there is no staff email, no lunch tracking, no report cards, seniors do not have access to their transcripts, these are some of the issues at the forefront for all current students. We have received communication from the district indicating they will alert anyone who may have had their data compromised. Check out the district website to read all updates on this unfortunate incident. The district is not the bad actor here, these hackers have attacked and disrupted our entire community!

Leave a Reply

Your email address will not be published. Required fields are marked *

Real first and last names — as well as city of residence — are required for all commenters.
This is so we can verify your identity before approving your comment.

By commenting here you agree to abide by our Code of Conduct. Please read our code at the bottom of this page before commenting.