The breach occurred on Feb. 23 and was discovered on Feb. 28. The public was notified as required by state education law in a letter from Superintendent Richard Ruberti posted on the district website on May 28.
Although there are no strict reporting deadlines, it's unclear why the district waited roughly three months after the breach was discovered to issue the notification.
In the event of the unauthorized release of data that includes personally identifiable information, education law states affected students or their parents, and staff should be notified in the "most expedient way possible and without unreasonable delay."
The district's incident response team alerted appropriate state and federal agencies of the incident as required by law. A forensic investigation in coordination with the district's cyber insurance company is underway to determine the extent of the breach.
Affected students, teachers and principals, whether current or former, will receive letters with more detailed information in the event the forensic team confirms any personal information was compromised.
"Please rest assured that the Greater Amsterdam School District is dedicated to protecting and securing educational data. Our team is extensively trained in data security and privacy, and our systems have numerous controls in place to safeguard your child's academic records. Student privacy is of utmost importance to us, and we are closely monitoring this incident," the district statement issued by Ruberti reads in part.
Ruberti was not immediately available for comment on Wednesday.
Anyone with questions regarding the incident is encouraged to contact the school district. Former students seeking additional information can contact Director of Technology Eric Scholl by phone at 518-843-3180 ext. 7510 or email dataprivacy@gasd.org to receive a letter with more details about the data accessed.
©2024 The Daily Gazette, Schenectady, N.Y. Distributed by Tribune Content Agency, LLC.