Honolulu Star-Advertiser

Thursday, November 21, 2024 77° Today's Paper


Hawaii NewsTop News

Probe finds no unauthorized access to Hawaii public school student data

An independent investigation of a possible data breach found no evidence that information on Hawaii public school students was viewed or stolen from a college planning website.

But the University of Hawaii is cancelling its contract with the private vendor, Graduation Alliance, that maintained the My Future Hawaii portal, which was shut down in July. The university said the company had failed to implement some data protection requirements in the agreement.

The My Future Hawaii website allowed students to gauge their interests, explore college and career choices, and apply to the university. UH P-20 Partnerships for Education had contracted with the vendor for the tool, which was used in classrooms at public high schools and some middle schools.

Graduation Alliance shut down the website when it discovered the possible exposure of data and UH and the Department of Education alerted the students’ parents and the public to the potential problem on July 22. The portal remains closed indefinitely.

Along with names, addresses and birthdates, the database had information on students’ gender, ethnicity, grade level, courses taken and grade point average.

Because no Social Security numbers, financial, driver’s license or health information was included, the incident was not considered a “security breach” under Hawaii law, according to Brent Suyama, spokesman for the university.

Graduation Alliance issued a written statement Thursday saying it hired an independent forensic firm to investigate and found no unauthorized viewing or retrieval of data.

“Graduation Alliance, an accredited education services provider, successfully completed an investigation finding no evidence that any student data was accessed, stolen or viewed by any unauthorized persons during a recent attack on a testing environment for a college and career exploration and planning platform,” it said. “No public-facing websites or systems were affected in this incident.”

“We are grateful for the diligent and swift actions that our team took to intercept this attack,” the company said. “Protecting the privacy and security of our students and customers’ information is a top priority.”

UH officials encourage everyone to take precautions including monitoring personal email, social media or financial accounts for unauthorized activity. They also recommend following the Federal Trade Commission’s advice on “Protecting Your Identity.

By participating in online discussions you acknowledge that you have agreed to the Terms of Service. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. Report comments if you believe they do not follow our guidelines. Having trouble with comments? Learn more here.