A reader informed DataBreaches.net that on February 15, a burglary at a locked Washoe County School District building resulted in the theft of two flash drives containing limited personal information on a number of the district’s students.
On March 11, the Department of Student Health Services notified parents and guardians about the theft of the unencrypted drives, which reportedly contained the names, dates of birth, and schools the students re-enrolled in or withdrew from between January 1, 1986 and February 12, 2010. According to the letter signed by Dana Balchunas, Director of Student Health Services, the flash drives were used to store information about the location of student health records. The district stated that it is required, by its own policy, to retain health records for a “period of time after students graduate.”
When asked whether any other kind of information was on the stolen drives, a Washoe County School District spokesperson informed DataBreaches.net by e-mail that no contact information, Social Security Numbers, or Medicaid ID numbers were on the flash drives:
“No student records as defined by FERPA, HIPPA (sic), or NRS [Nevada Revised Statutes] 603A were on the flash drives.”
According to the spokesperson, the flash drives, which were used as backup devices, contained the described information on 26,152 students. The district’s current enrollment is approximately 60,000. In their statement to DataBreaches.net, the spokesperson expressed the district’s regret over the incident and indicated that the district was bolstering its security to prevent future recurrences:
The Washoe County School District regrets that the limited information was released, but we remind everyone that it was due to a burglary in one of our facilities, not from negligence on any employee’s part. Additional security steps have been implemented in that facility and all these data devices are now encrypted.