Cedar Rapids schools planning on opening for first day regardless of security breach

Published: Jul. 28, 2022 at 6:09 PM CDT
Email This Link
Share on Pinterest
Share on LinkedIn

CEDAR RAPIDS, Iowa (KCRG) - Cedar Rapids Community School District Superintendent Noreen Bush said the district will be open and ready for students to start the school year after a cyber attack.

It’s the first Bush or any official from the Cedar Rapids Community School District has spoken about a security breach, which shut the district down for a week on July 4th. Documents filed with the Iowa Attorney General’s Office show about 8,790 people living in Iowa had their data exposed.

According to documents, data exposed includes social security numbers, bank account information, medical information and other personal information.

Bush said lawyers and investigators have told the district not to answer questions or speak publicly about the incident the district has called a “cyber security incident”, which is the rationale for the district not speaking publically about the security breach. She said those lawyers and investigators believe information could hurt the investigation or recovery process.

Bush couldn’t give a timeline on when the district could release more information but said the district’s IT staff is working nonstop to get the school ready for the year along with third-party cyber security companies. She said the district is speeding up efforts to upgrade to new Chromebook to help make technology systems stronger due to the incident.

Emails our i9 Investigative Team have received show a number of tools from the district aren’t working properly since the security breach including window devices, wireless access for personal devices, printing within buildings, scanning, faxing, and online education tools.

Shelley Hines, who said she last worked at the district in 2014, said she received a letter from the district explaining her data was exposed earlier this week. She said she’s concerned her data was exposed and was notified three weeks after the district discovered her data was exposed.

“Where’s the communication at?” Hines asked. “Three weeks later, now look at what anybody could do with three weeks.”

She was also concerned the district still had her data after she left the district about 8 years ago.

State and federal law requires districts to keep personnel records for a certain time. TV9 couldn’t find a policy in the Cedar Rapids handbook, but the Glenwood Community School District in western Iowa keeps some employee’s data for up to 60 years.

Regarding the three-week notification gap, the notification to the Attorney General’s Office explains it took the district about two weeks to get former staff members’ most recent addresses.

Copyright 2022 KCRG. All rights reserved.