Thousands of students and district employees in the El Paso Independent School District are at risk of having their personal information leaked into cyberspace.
The district confirmed Wednesday afternoon that their internal network, which includes names, addresses and Social Security numbers for approximately 63,000 students and 9,000 employees, was hacked.
EPISD officials released this letter to parents:
"Dear Employees, Parents, and Students:We regret to inform you that the Internal Network (myepisd.org) at the El Paso Independent School District (EPISD) has been infiltrated by an unknown entity (hacked). This infiltration has resulted in the illegal access to teacher and student information by the hacker(s), which is information that includes names, birthdates, addresses, and social security numbers.We are working diligently to identify how this occurred; however, we believe it is imperative that we communicate this information as soon as possible to you so that you are able to take immediate action to protect your personal information and accounts, both current and future. Please refer immediately to the following websites: http://www.ftc.gov/idtheft or http://www.fightidentitytheft.com. These sites will provide you with the immediate steps you can take to protect your identity, which include fraud alerts and a credit freeze.We immediately alerted the FBI?s Infragard Division to report the breach and will continue to provide you with updated information regarding this situation. We are taking this breach extremely seriously and will continue to take all possible action to address this issue."
Here are some additional helpful links for concerned parents and teachers:
The district found out their internal network had been hacked when a legitimate anti-identity theft company based out of New York, Identity Finder LLC, called EPISD. Aaron Titus works for the company and said they do routine checks on webpages frequented by hackers. "We called (EPISD) out of courtesy," said Titus, who explained the company's goal of ending identity theft. They will often call organizations that have been vicitmized even if those organizations are not their clients. "We're doing this to protect people."
Identity Finder has offered EPISD free network security services for six months following this hacking incident.
The breach was discovered on a webpage used by hackers in a post titled, "El Paso School District Hacked Hard," which included the names and student ID numbers of several EPISD kids. The hackers claimed they also got access to social security numbers but did not disclose that information.
Titus said the risk of identity theft remains. "Once that information is online, it's passed around and sold and re-sold by identity thieves and there's no real way that you can stop that," he said.
Some identity thieves target children by using their unused social security numbers to open accounts, which they can use to rack up mountains of debt.
Unanswered questions remain about how and why the hacking happened. Stay with ABC-7 for the latest.