The Department of Elementary and Secondary Education (DESE), in conjunction with Missouri's Office of Administration Information Technology Services Division (OA-ITSD), will begin to send letters in the coming days to certificated educators across the state whose personally identifiable information (PII) may have been compromised during a recent data vulnerability incident. The state is unaware of any misuse of individual information or if information was accessed inappropriately outside of an isolated incident. However, out of an abundance of caution and in the unlikely event that this information was inappropriately accessed outside this single incident, the State of Missouri is offering 12 months of credit and identity theft monitoring resources through IDX to the approximately 620,000 past and present certificated educators whose PII was contained in the DESE certification database. Potentially impacted educators will receive direct communication by mail and/or email with more details about the services offered through IDX. Educators may contact the IDX Call Center at 833-325-1777 from 8:00 a.m. – 8:00 p.m. (CT) Monday through Friday to determine if they are among those eligible for these services. The call center is closed tomorrow, November 11, 2021, for the Veterans Day holiday.
“Educators have enough on their plates right now and I want to apologize to them for this incident and the additional inconvenience it may cause them,” said Commissioner of Education Margie Vandeven. “It is unacceptable. The security of the data we collect is of the utmost importance to our agency. Rest assured that we are working closely with OA-ITSD to resolve this situation.”
As previously announced by OA, on October 12, 2021, DESE was made aware that the PII of at least three Missouri educators was potentially compromised. The information was located within the educator certification data available on DESE’s website. An individual told DESE that they, through a multi-step process, accessed the certification records of at least three educators, took the encoded source data from that webpage, decoded that data, and then viewed the social security number (SSN) of those specific educators. Educators’ PII was only accessible on an individual basis within this search tool, and there was no option to decode SSNs for all educators in the system all at once.
Upon verification of the threat, DESE immediately notified OA-ITSD who immediately disabled the educator certification search tool. OA-ITSD staff are working now to reconfigure the educator certification search tool and to reinforce security to prevent further unauthorized access of educators’ PII. This incident remains under investigation.
The services offered through IDX will cost the state approximately $800,000. The state was able to take advantage of an existing multi-state contract with this vendor, which significantly lowered the cost for the credit and identity theft monitoring services.
Stakeholders can visit dese.mo.gov/data-incident to learn more and stay informed about this situation.