Houston ISD Superintendent Terry Grier on Thursday unveiled a $10 – $15 million plan to significantly upgrade HISD’s computer network security system after the district learned the school district’s computer system had been hacked in October.
A criminal investigation is under way in the hacking incident, but the school district said it did not initially appear any records had been changed or any sensitive information lost.
It appears that information of only one student was viewed by the hacker.
The district’s aging computer system, combined with longstanding policies that allowed campuses to purchase computer hardware and install software with little oversight, have left HISD’s network particularly vulnerable to hackers, Grier informed school board members Thursday.
“Fixing this will be a financially costly endeavor, but HISD parents, taxpayers, and employees must be able to trust that we take protecting their private information seriously,” Grier said.
The network security plan includes:
– An immediate outside third-party review and action plan for the district’s entire security environment
– Immediately strengthening current firewall security
– Upgrading password protocols and implementing security awareness training for all employees
– Tasking the Technology Department with overseeing all PC usage, managing remote PC access to the network, and removing some PCs from the network
– Adding new positions in the Network Security Division
– Limiting wireless access solely to HISD computers until the network is fully upgraded
Grier’s announcement comes on the same day HISD was informing parents and employees that a criminal investigation has revealed that a hacker viewed the personal records of one student and had access to private data maintained on all students, employees and some vendors dating back 10 years.
The investigation, which is ongoing, has uncovered no evidence that the private data, other than that belonging to the one student, was actually viewed by any unauthorized individuals. But because of that threat, HISD is required by Texas law to notify all potentially affected individuals of the security breach.
The first sign of a possible security breach was noticed by HISD technology workers on Oct. 24. A criminal investigation, headed by HISD Police with help from the FBI, the Regional Computer Forensics Laboratory and IBM was launched. Investigators determined shortly before the Thanksgiving holiday that a security breach had in fact occurred.
HISD employees received e-mails and parents received letters today updating them on the situation and offering information to guard against identity theft. Additional information is posted on the HISD website: www.houstonisd.org.
Parents and employees with additional questions can e-mail HISD@houstonisd.org.
Beginning today, a telephone hotline will be open to receive questions, though it will have a limited capacity to handle calls. That number is 713-556-8900.