Childcare Training Database Breached

Arkansas State University Incident Affects 50,000
Childcare Training Database Breached

More than 50,000 individuals who signed up for training as childcare workers in Arkansas had their online registration information breached, including complete or partial Social Security numbers.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

Arkansas State University has been informed by the Arkansas Department of Human Services of unauthorized access to the childcare training database within the College of Education and Behavioral Science's Department of Childhood Services.

The breach involved a database related to the Traveling Arkansas Professional Pathways Registry, a professional development system designed to track and facilitate training and continuing education for early childhood practitioners in Arkansas, the university says in a statement. The registry tracks more than 6,000 workshops annually to train childcare workers, and participants register online through the registry.

"We have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files," Torres says. "We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation."

Arkansas State and the state's human services department have been working to transfer all data from the university's TAPP IT system to the human services department's system since December 2013. The department is expected to take over the registry in July.

Approximately 50,000 individuals whose information is in the database will be notified of the breach, says Henry Torres, the university's chief information officer. The database contains full Social Security numbers on a subset of the individuals, the university says, although it did not reveal how many. Most of the database tables included only four or five digits of a Social Security number. The statement from the university also says "personally identifiable information" was involved, though it's unclear what exactly was exposed.

The registry program is not part of the main university databases, so no student, faculty or staff records are involved unless they have participated in the TAPP Registry. Computer servers containing the databases were immediately disabled, Torres says, and the university has hired a security consultant who will assist in addressing the issues.

The university did not respond to a request for additional information.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.