Network Security Incident Update 4.12.23
Notice of Data Security Incident
Little Rock School District (“LRSD”) experienced a data security incident that may have impacted the personal information of some of our current and former employees, students, contractors and/or vendors that worked with LRSD. We previously provided some information regarding this incident but want to update you now that our investigation into what occurred is complete. We respect the privacy and security of all information within our control and sincerely apologize for any concern this may cause our community.
In November 2022, LRSD identified suspicious activity that impacted its ability to access some of its systems. LRSD immediately implemented its incident response protocols and hired an independent computer forensics firm to help us investigate the nature and scope of the incident. The investigation determined that some information stored on LRSD systems may have been accessed by unauthorized third parties. That information was reviewed to identify any personally identifiable information that may have been impacted. This recently completed review found that the impacted information may have contained individuals’ names, addresses, Social Security numbers, financial account information, state and government ID numbers, and limited medical information.
We have notified law enforcement and the Arkansas Attorney General about this incident and will continue to cooperate with any subsequent investigations of theirs into this incident.
We have taken steps to enhance the security of our systems, including changing all LRSD passwords and implementing multi-factor authentication for remote access. While we are aware that information was taken from our systems by unauthorized third parties, we do not have any evidence that such information was actually viewed, used, or misused. All such information was returned, and we have obtained assurances that no use was made of the information. We have no evidence that personal information in this incident has been misused in any way. However, out of an abundance of caution, we are providing credit monitoring and identity protection services from Cyberscout at no cost.
Impacted individuals should remain vigilant for incidents of identity theft or fraud by reviewing bank accounts and other financial statements, as well as credit reports, for suspicious activity. Incidents of suspected identity theft should be reported to law enforcement or the attorney general. We also encourage individuals to contact Cyberscout with any questions and to take full advantage of the Cyberscout service offering.
For more information
For questions or concerns, please call 1-833-570-2993 Monday through Friday from 8:00 am – 8:00 pm Eastern Time. Your trust is our top priority, and we deeply regret any inconvenience or concern this matter may cause.
Little Rock School District – Frequently Asked Questions (FAQs)
- What happened?
In November 2022, Little Rock School District identified suspicious activity that impacted its ability to access some of its systems. Little Rock School District immediately implemented its incident response protocols and investigated with the help of independent computer forensic experts. The investigation found that some information stored on Little Rock School District systems may have been compromised.
- When did it happen?
Little Rock School District learned that personal information might have been compromised on February 22, 2023.
- What information may have been exposed?
A review of the information involved determined that individuals’ names, addresses, Social Security numbers, financial account information, state and government ID numbers, and limited medical information may have been impacted by this incident.
- Why has it taken so long to provide notice?
Once Little Rock School District learned of the suspicious activity, they immediately began an investigation to understand what information may be at risk. Independent forensics experts were hired to assist in the investigation and determine the incident's scope and nature. They then arranged for you to receive identity protection services at no cost. This process took time to complete.
- What should I do to protect my personal information?
It is always a good idea to review your bank or credit or debit card statements and immediately inform your financial institution if you notice any suspicious activity. You should also enroll in the identity protection services offered through Cyberscout. And you can visit identitytheft.gov for more information on how to protect your identity.
- What is being done to prevent this from happening again?
Little Rock School District has conducted a global password reset, implemented multifactor authentication for remote access to systems, implemented additional controls to further segregate systems containing sensitive information, and implemented endpoint threat intelligence software with 24/7 monitoring.
- Has the information been misused?
There is no evidence that any information has been misused, and we do not believe the information will be misused.
- Has this incident been reported to law enforcement?
Yes, this event was reported to federal law enforcement.
- Will there be any updates regarding the investigation? If so, how will I be notified?
The forensic review is complete; no additional notifications or updates will be provided.
- I’m with (the media) can you provide me with information about the Little Rock School District incident?
Please provide your contact information and organization; we will have someone contact you.
LRSD Network Issue
The Little Rock School District (LRSD) recently detected unauthorized activity on its network. Upon discovery, we immediately activated our incident response protocols and hired independent computer forensic experts to help us determine the nature and scope of the activity. We have also taken steps to notify law enforcement and will cooperate with any subsequent investigations into this incident.
The forensic analysis is still ongoing; however, the analysis has determined that some data may have been taken from our network. At this time, we do not know exactly what data may be at issue, but we are working as quickly as possible to be able to ascertain that information. Should we find any evidence student or employee data was impacted, we will notify all appropriate parties.
LRSD has implemented additional monitoring and threat detection software to supplement the security measures already in place and has taken steps to further secure its network. We are committed to completing a detailed review of our internal systems and will take everything we learned from the incident to strengthen our network for the future.
The forensic analysis and investigation into this unauthorized activity are still ongoing. We will share more information with our stakeholders and our community as we are able to do so.