Midland ISD School Board Approves Measures to Address Data Security Breach

Midland ISD School Board Approves Measures to Address Data Security Breach

By Geena Martinez
NewsWest 9

MIDLAND - The Midland Independent School District is moving forward with plans to protect students' data after a big security breach last week. Even though it was a thief who caused the breach, several steps are being put in place to make sure something like this doesn't happen again.

"I know it's been a tough week and those kind of things happen but I think you're taking the right steps," MISD School Board Member, Tommy Bishop, said.

A computer and hard drive were stolen from an administrator's vehicle. The thief got away with the social security numbers and birth dates of more than 14,000 current and former students.

On Monday, MISD school board members commended Superintendent Ryder Warren on his plans to address the problem. The biggest point of his plan was designating $90,000 dollars to help families of those affected.

The money will go toward paying for protective measures on student's data if it's illegally accessed.

A step-by-step guide on how to monitor credit history for identity theft will also be available for parents. In addition, Dr. Warren mentioned a possible hotline for parents if the how-to guide isn't enough.

"It's a bad situation," he said.  "A lot of us are affected as parents and so we're gonna do our best to support parents and kids and all caregivers."

Dr. Warren also wants to hire an outside auditor to look at everything they do, but more importantly, the district is analyzing their current policies and making adjustments.

"The changes that we're gonna make in our plan about what kind of laptops do we allow outside of the district, things like that," Dr. Warren said.

One board member suggested only using the last four digits of a social security number, if possible, in the future.

The Texas Education Agency was also notified of the breach last week but the information was passed along to the U.S. Dept. of Education. It turns out the data compromise violated the Family Education Rights and Privacy Act, also known as FERPA.

NewsWest 9 contacted the DOE and they said if there is a violation, schools are advised on what to do to be in compliance.

They went on to say, "There is no basis under FERPA to require that a school take action against individual school officials as a result of a FERPA violation."

There's no word yet on what action, if any, will be taken against the administrator whose equipment was stolen.

Dr. Warren said they've not yet been contacted by the DOE.

When NewsWest 9 reached out the department, they said due to federal privacy laws and regulations, they can neither confirm nor deny whether they've received a complaint regarding the MISD breach.