School Testing Vendor Data Breach Exposes Info of 663 Mississippi Students

Article

Mississippi education officials said last week that a recently disclosed data breach by a testing vendor has exposed information from 663 students in Tupelo and Jefferson County.

State Superintendent Carey Wright said that Questar Assessment believes an unauthorized user gained access to records from 2016 tests for 490 students at Tupelo Middle School, 72 at Tupelo High School and 101 at Jefferson County Junior High on Dec. 31 or Jan. 1.

The Mississippi Department of Education plans to send letters to every student affected.

The unit of New Jersey-based Educational Testing Service has told New York officials that 52 students there had data exposed, in a data breach that happened at about the same time.

The Minnesota-based company administers Mississippi’s standardized tests in English language arts and math. Mississippi’s data breach was first disclosed Friday.

Questar hasn’t responded to an email and phone message from The Associated Press seeking comment.

Wright said she’s spoken to Questar’s president demanding an outside security audit, a corrective plan by Jan. 29 and the reset of passwords. After Questar revealed the similar breach of New York state data, it closed accounts of former employees and hired the outside auditor.

Among the items exposed were student names, state identification numbers, grade levels, teacher names and test results. Mississippi officials say they don’t share addresses or Social Security numbers with Questar.

“We are holding Questar accountable to ensure this never happens again,” Wright said in a statement.

Tupelo Superintendent Gearl Loden told the Northeast Mississippi Daily Journal that he was grateful no Social Security number or addresses were released.

“I hate that we’ve had a breach, but I am thankful, though, that it isn’t any harmful data based on the information I received,” Loden said.