Arlington school leaders say an internal error led to “sensitive employee information” being posted on the school system’s procurement network.
“The files included the names, addresses, Social Security numbers and birthdays of employees and retirees under 65 years old who are currently enrolled in the APS medical healthcare plan,” Brian Stockton, the school system’s chief of staff, wrote in an email to personnel.
Catherine Ashby, the school system’s assistant superintendent of school and community relations, verified the authenticity of the email shared with ARLnow.
Stockton’s email said there is currently no indication that personal information was accessed or downloaded by anyone without authorization to view it.
“The files were promptly removed once the error was identified,” he wrote. “We apologize and take full responsibility for this mistake. We also understand the concern it may cause.”
The incident will result in changes to operating procedures, school officials said:
“We are using this incident as a learning opportunity to strengthen our data privacy practices. APS is implementing additional safeguards and enhanced review procedures before uploading any files to public-facing platforms. All relevant staff will also receive a refresher training on proper handling and sharing of sensitive information.”
The school system also will offer credit-monitoring and identity-protection services without charge to employees whose information may have been compromised.
Security breaches have occurred in the past at the county school system. Among them:
- In January 2024, some APS visitor information was “externally exposed” by the contractor operating the school system’s visitor management system
- In 2019, an error in data that APS provided to a college readiness vendor may have exposed the names, addresses and academic information of several dozen former students
- In 2016, dozens of APS employees were impacted by a data breach that compromised tax information
