TOWSON, Md. — The personal information of 2,500 or so Baltimore County Public School employees was mistakenly exposed on the system's website.
Officials say it happened on or around December 16, last year.
Initially it was thought only employees could view and access the information, which included names and social security numbers.
"At the time BCPS published the list, we believed the list had technical safeguards in place to hide the personal information from unauthorized access," said Charles A. Herndon, a schools spokesman.
But it wasn't until January 15, when it was discovered that the information was actually made public.
Once officials finally found out about the error, the information was permanently removed from the webpage.
However, those affected weren't notified about the breach until this week by email.
The incident though apparently has no tie to last November's ransomware attack on the schools IT system.
"We were assured that there had been no data breach, and this is different and not related to ransomware but there was a data breach and we weren’t made aware of it for the month," said Cindy Sexton, President of the Teachers Association of Baltimore County. "That’s the big concern."
Since the incident, the school system has enhanced its technical security measures.
Staff were reportedly offered a one-year complimentary membership to Experian IdentityWorks to monitor their credit.
"It was a human error that caused this issue to surface, we immediately responded to it, those who may have been impacted were informed and they know exactly what they need to do," said Baltimore County Schools Superintendent, Darryl Williams.
Thus far, the system says there is no evidence to suggest any staff member's private information has been misused by unauthorized individuals.
"I am confident in what our financial office did to respond and the fact that we worked with legal counsel to make sure we had everything in order," said Williams.