Tuesday, September 3, 2019

Pearson AIMSweb 1.0 Data Breach – What You Should Know


As you may have heard recently through your Principal or in the media, the Boulder Valley School District found out that it is one of more than 13,000 school districts and universities that have been impacted by a data breach at one of our key vendors – Pearson.

First, it is important to know that this breach impacted current and former Boulder Valley School District students. The breach, although significant, was contained in BVSD to name and date of birth.  No other personal information was breached through this event at Pearson.

This information is being shared so that you are aware of the situation and can better answer any parent or community member questions that may come up.

The Pearson AimsWeb 1.0 Data Breach
BVSD learned in August 2019 that an unauthorized third party gained access to Pearson’s AIMSweb 1.0 system in November 2018.  Pearson was made aware by the FBI in March 2019 but was restricted in communicating to BVSD sooner due to the ongoing investigation.

We have notified individuals directly impacted by the breach by mail. Families would have received a letter by August 30 if they were affected. Pearson is paying for the expense of notifying families and for identity or credit monitoring service through Experian.

It is important to note that at this time, Pearson has no evidence to suggest that the breached information has been misused.

Why was BVSD Using AimsWeb 1.0?
Pearson is best known as the publisher of print and digital textbooks but also develops education-related software. BVSD used AIMSweb 1.0 to track progress, inform instruction, and provide updates to parents. AIMSweb 1.0 was permanently taken out of service in July.

Our own internal investigation found no other Pearson products to be impacted by this breach.

Next Steps
I take the safety and security of our students, staff, and their data extremely seriously – as does our entire leadership team.  BVSD already has many proactive processes in place to help prevent student data breaches, and we continue to reevaluate our processes for improvements.

Additionally, BVSD continues to be in compliance with the Colorado Student Data and Transparency Act and remains vigilant in protecting student data. We will continue to work with Pearson and other vendors to ensure everything possible is done to protect the privacy of student data.

Working together, we can minimize threats, including phishing attacks, viruses, malware, and ransomware.   As always, please chime in below with your thoughts, comment, and ideas on this topic.


Thursday, August 22, 2019

Digital Safety

Safety, privacy, and student focus are top priorities for BVSD. As parents, students, principals, teachers, and staff return to school, I want to share a few changes that IT has implemented over the summer. We understand that oftentimes changes can be viewed as restrictive or less convenient, yet we hope these changes are implemented as smoothly as possible with the goal to increase our digital safety.

So what are the specific digital safety changes we’ve made over the summer?

At School
At Home*
Netflix/Hulu are blocked for K-12 students
Google Hangouts are blocked for K-8 students
Ads are blocked for staff/students while using the BVSD network 
Chrome extensions are limited to those that are whitelisted through a vetting process (Read more below)

Netflix, Hulu, and Ad Blocking changes should help keep our students focused. Additionally, all 2-12 teachers now have access to GoGuardian for device monitoring and focused browsing instruction. The Chrome extension change will help keep our devices free of viruses, malware, and ransomware at a time when these attacks are being targeted at K12 districts. The state of Louisiana recently declared a state of emergency after three school districts were impacted and data either lost or ransomed.
Both academic and technical reviews on hundreds of extensions have resulted in whitelisting over 100 approved extensions that can now be accessed. All other extensions from the Chrome Web Store are unavailable for download until a request is made for the proper approval.

With the majority of education and business software now running in the cloud, we believe the impact of this change will be minimal, but we do realize that it may have an effect on some programs. If you have an extension that needs to be installed, please submit an IT Service Request with the title of the extension, and it will go through the proper academic and security approval process.

Thank you for understanding each of these changes and supporting our students and staff in a safe, focused learning environment in BVSD!


* District Chromebooks and the Chrome browser on any device where a student BVSD id is logged in.

Monday, April 29, 2019

IT Core Focus Areas

From time to time, I am asked how IT supports BVSD with innovative, equitable, and secure technology that enables our learning and business environments. IT has five core focus areas that work together to form the framework to support the business of education at BVSD: Customer Service 2020, Secure our Digital Environment, Cloud First, Equity and Access, and Employee Engagement.

Customer Service 2020 - This is a focus to fundamentally change how we provide IT services to BVSD teachers, principals, administrators, students, and parents. It is the shift from hardware support to software support, recognizing the use of digital tools is expanding. Under this effort, we will explore the expansion of our customer base to include parents and students. The transition and expansion of our support will be a multi-year effort that will require continuous training of the IT staff.

Secure our Digital Environment - One can’t read the headlines today without seeing a new data breach happen. Be it Target, Home Depot, or the latest Marriott breach, no organization is immune to actions of those with bad intent and the capabilities to carry out attacks. The Board of Education has invested in modern firewalls and human resources to measure and mitigate security vulnerabilities. This year a required data privacy course was completed by BVSD employees and next year we plan to share a digital safety awareness campaign to help educate us all on our individual role in combating cyber attacks. We should not compromise security for convenience.

Cloud First - This is our guiding principle for choosing new software. It is largely based on the premise that device-specific software is simply going away in favor of the anywhere, anytime, any device web access software we see today. Just a few years ago we were installing copies of Word, Photoshop, and Outlook on over 10,000 PCs. Those days are largely behind us as software is less likely to be installed directly but delivered through the cloud to your web browser be it on a PC, Mac, Linux, or Chrome device simplifying the user experience.

Equity and Access - Ensuring that every student has an equal opportunity to learn is the foundation of this strategy. The 1:Web program includes a way for students, regardless of the ability to pay, to have a device for learning. The ConnectME (My Education) pilot has connected ~40 students via free internet to their home. Both of these programs help ensure that all students, regardless of socioeconomic status, are connected and have a digital device to enhance their learning experience.

Employee Success - Ensuring our IT employees have the support, tools, and training to be effective is important for meeting our customer’s needs. We strive to create an environment where employees can pursue their passions and build connections with their customers and peers. A supportive community is critical to creating a culture where our employees can drive innovation to move the organization forward.

IT is here to partner with you and bring creative, supported, and secure technology to the business of education. With these five guiding beliefs, we are positioned to provide the most effective services to our customers. Over the next few months, as BVSD updates the strategic plan, IT will also be working to adapt and deliver evolving technology solutions needed to take us successfully into the future.