We are committed to protecting the confidentiality and security of our students' information and that of their parents, and we will notify you any time we find a problem. We want to let you know about an incident that involved your data. This notice explains the incident, measures that have been taken, and some steps you can take in response.
In late November 2019, Aeries, our student information system, learned that an unauthorized individual exploited a security vulnerability in the Aeries software. Upon discovery, Aeries began an investigation, and law enforcement launched an investigation to identify the person responsible, and an arrest was made. At first, they believed the problem was confined to a few districts, but they recently found that the individual may have accessed many districts’ databases. We submitted some information to them for analysis. On June 4, Aeries confirmed that this individual did access a limited set of our data.
What information could have been accessed?
The information the individual could potentially have accessed included the following:
parent and/or student name, district-generated student ID number, home address, phone number, e-mail addresses and hashed passwords tied to a portal account. All passwords are automatically encrypted through Aeries. A hashed password does not reveal the actual password, though it is possible to decrypt a password that is commonly used like “Passw0rd.”
What has Aeries done to make sure this doesn’t happen again?
To help prevent something like this from happening again in the future, Aeries patched the software, made other security improvements, and strengthened password requirements. These security improvements have been in place since December.
What can you do?
Even though we have no evidence that your personal information has been obtained or misused, we wanted to let you know this happened and assure you we take it very seriously. Out of an abundance of caution, we will be implementing a mandatory password reset for all parent and student portal accounts on Monday, June 8, 2020. Additionally, if you use the same password for other online accounts, we recommend changing the password for those accounts as well. If at any time you want to reset your password, use the “Forgot Password” link on the Aeries Parent/Student Portal. You can also find instructions on our website at www.travisusd.org/Domain/1760 .
Travis Unified sincerely regrets that this incident has occurred and apologizes for any inconvenience this may cause you. If you have any questions regarding the data breach itself, please call the Superintendent's Office at (707) 437-4604 x1000 or email firstname.lastname@example.org.