A significant data breach at Naperville Central High School in Illinois has led to the unintentional exposure of confidential student information, raising serious concerns about data security within educational institutions. The breach occurred when sensitive data was included in the School Improvement Plan, which was publicly released on September 20, 2024. This leak involved student grades for the 2023-24 academic year, as well as additional protected information such as IEP and 504 status, eligibility for free and reduced lunch, and the students’ full names and ID numbers. The sensitive documents were removed shortly after Central Times staff alerted Principal Jackie Thornton about the incident.
The leak affected all 2,433 students enrolled at Naperville Central, with more than 31,000 lines of sensitive data released across two documents. Following the discovery, Principal Thornton issued a sincere apology, acknowledging that this incident was not consistent with the school’s standards. The district’s IT department confirmed that the data was only accessible to those with a District 203 email domain, limiting exposure to Central Times staff. In response to the breach, the district has mandated that all involved students delete any copies of the leaked data and has taken steps to enhance its data privacy measures.
Legal experts have noted that the release of such sensitive information appears to violate several federal laws, including the Family Educational Rights and Privacy Act (FERPA) and the Individuals with Disabilities Education Act (IDEA). Under FERPA, schools are prohibited from disclosing personally identifiable education records without prior written consent from students or their parents. Government transparency lawyer Matt Topic emphasized that the district’s actions constitute a serious breach of privacy protections, stating that the released information is covered under FERPA and the Illinois School Student Records Act.
In light of this breach, District 203 has committed to strengthening its data security protocols and enhancing training for staff regarding the handling of sensitive information. Communications specialist America Villalobos reassured the community of the district’s dedication to regaining trust and preventing similar incidents in the future. As part of these measures, staff have been reminded to ensure that data files are restricted to only those individuals who genuinely need access. Principal Thornton has also indicated a personal commitment to changing practices regarding data sharing, emphasizing the need for vigilance when handling sensitive student information.
Reference:
