JONESBORO, Ark. – The Arkansas Department of Human Services has informed Arkansas State University (ASU) about a data breach in the College of Education and Behavioral Science’s Department of Childhood Services (CHS) that could cause exposure of personally identifiable information.
The campus was notified of the breach late Wednesday. The breach involved a database related to the Traveling Arkansas Professional Pathways (TAPP) Registry, which is a professional development system designed to track and facilitate training and continuing education for early childhood practitioners in Arkansas. The program is a grant-funded project administered and housed on the Jonesboro campus. The registry tracks more than 6,000 workshops annually to train childcare workers, and participants register online through the registry.
“We have confirmed unauthorized access to data, but we have no reports regarding illegal use of the information in these files,” ASU Chief Information Officer Henry Torres said. “We took immediate measures to address this issue after being notified by DHS. We are cooperating with DHS and working with programmers to assess and resolve the situation.”
An estimated 50,000 potentially impacted individuals in the database will be notified of the breach “out of an abundance of caution,” Torres said. Only a non-active portion of the data within the database contained full Social Security numbers, and it did not contain all users of the database. Most of the database tables included only four or five digits of a Social Security number, but the Social Security Administration has determined that is personally identifiable information.
Since the registry program is not part of the main university databases, no student, faculty or staff records are involved unless they have participated in the TAPP Registry.
Computer servers containing the databases were immediately disabled, Torres said, and the university has a third-party security consultant who will assist in addressing the issues.
Individuals possibly affected by the breach can call 1-855-363-1011.