Exam company’s data breach, Central KY students could be affected
LEXINGTON, Ky. (WTVQ) — An exam registration company used by Fayette, Scott and Woodford County school districts, says it recently had a data security incident.
Total Registration, based in Colorado, helps students register for tests like the PSAT and Advanced Placement.
Back in April, the company says a security researcher and reporter looking to make sure the company’s information was not used improperly, found a misconfigured file system.
The personal information that was potentially out there: students names, grade levels, student IDs gender, date of birth, ethnicity, physical address and email address of students and parents, and phone numbers of both.
“If their emails get out there they can get sent all sorts of emails with possible viruses with links leading them to pages they don’t want to visit,” warns Heather Clary with the Better Business Bureau. “Opportunities that may end up stealing their information or money. There’s any number of things that could happen. Everyone should be cautious of unknown phone calls or texts that come to the cellphone, emails with attachments or links that you don’t know the origin.”
The company says the information would’ve only been accessible for 48 hours.
“No matter how long some information has been available whatever it is if it’s out there and the wrong person gets ahold of it it can cause as much as damage as if its been out there for five minutes or five weeks,” says Clary.
Total Registration says the data possibly exposed did not include social security numbers, credit card numbers or other financial information.
It also says aside from the researcher/reporter, it didn’t appear any third-party accessed the information.
“In this case it looks like nothing horrible has happened and thank goodness for that,” says Clary. “It just kinda puts everyone on notice that it can happen. Be careful.”
We’re told by a student in Fayette County, he received an email from the district about the incident.
For more information regarding the data breach, click here.