CCSD determines vendor data security incident

CCSD determines vendor data security incident

It has been determined that a vendor used by the Clark County School District (CCSD) has experienced a data security incident involving multiple school districts including CCSD. An older version of Pearson Clinical Assessment’s program—AIMSweb—is involved in the incident.

It’s important to note that the only information exposed were student names and in some instances date of birth. Additionally, a small number of staff first and last names and work location were exposed. Any other identifying information was not revealed and was not compromised. 

This incident impacts approximately 559,487 students enrolled at CCSD schools between 2008 and 2019, and a much smaller number of staff members employed during the same period.

“The type of information involved in this incident was extremely limited,” said CCSD Chief Technology Officer Dan Wray. “However, CCSD makes every effort to ensure the safety of private information online and we set high standards for our own data systems and those we contract with to conduct business.”

CCSD is working with the vendor to ensure all necessary precautions are in place moving forward. Pearson is offering access to credit monitoring services for individuals who may be impacted. For information about this incident, including a letter to families, and resources for credit monitoring, please visit ccsd.net.

“Some of the information was generated more than a decade ago and many of the students are no longer in our schools,” said Wray. “However, we are working to be proactive and providing this information to the public out of an abundance of caution so that families and individuals are aware of the incident.” 

While AIMSweb1.0 is no longer in use, Pearson still provides some services to CCSD schools. Pearson has indicated that their other systems were not affected by this incident. CCSD will be working with Pearson to ensure that data in their possession has been appropriately secured and is appropriately deleted when it no longer serves any purpose in supporting the education of our students. 

A letter will be sent out to parents through Parentlink.

For a list of Frequently Asked Questions about the data incident, click here.