A-State Chief Information Officer Henry Torres said DHS notified the campus late Wednesday that the breach involved a database related to the Traveling Arkansas Professional Pathways (TAPP) Registry, which is a professional development system designed to track and facilitate training and continuing education for early childhood practitioners in Arkansas. The program is a grant-funded project administered and housed on the Jonesboro campus. The registry tracks more than 6,000 workshops annually to train childcare workers, and participants register online through the registry.
“We have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”
An estimated 50,000 potentially impacted individuals in the database will be notified of the breach “out of an abundance of caution,” Torres said. Only a non-active portion of the data within the database contained full Social Security numbers, and it did not contain all users of the database. Most of the database tables included only four or five digits of a Social Security number, but the Social Security Administration has determined that is personally identifiable information.
The registry program is not part of the main university databases, so no student, faculty or staff records are involved unless they have participated in the TAPP Registry.
Computer servers containing the databases were immediately disabled, Torres said, and the university has a third-party security consultant who will assist in addressing the issues.
Arkansas State’s Information Technology Department will contact State Chief Security Officer Frank Andrews and DHS Chief Security Officer Mark Riley for a post-mitigation review related to all follow-up actions taken and to report any findings.
DHS and A-State have been working to transfer all data from the university’s IT system to the DHS system since December. DHS is expected to take over the registry in July.
Full Social Security numbers were not found in database transfer files until a recent review of database transmitted in April, Torres said. There is no indication that full Social Security numbers were included in prior data transmitted in December and March. No database information related to children or to parents who are not part of the TAPP Registry was breached.
The TAPP Registry has been taken offline until the review is completed. A toll-free number, 1-855-363-1011, has been established for potentially impacted individuals who have questions. The number will be staffed daily between 8 a.m. and 5 p.m. central time. Information is also available on the AState.edu home page, click on the link at the bottom of the page labeled “identity theft.”
Copyright 2016 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.