BROOKE COUNTY, W.Va. — Last Thursday, Stacy Hooper, the vice president of the Brooke County Board of Education, was informed by the West Virginia Department of Education of a data breach involving her professional email account and federally protected information about her students.
The request for those emails was allegedly commissioned by Brooke County Schools Superintendent Toni Shute.
Hooper is currently a special education teacher in Marshall County and a former reading specialist in Wetzel County.
Never has she been employed as an educator through Brooke County Schools, meaning Shute, or anyone outside of Marshall County, should not have been given access to the information.
Hooper claims Shute’s requests for her emails began as far back as 11 months before she took office on the Brooke County BOE.
NEWS9 met with Hooper to discuss a statement she released, which said, in full:
As a special education teacher in Marshall County and a former reading specialist in Wetzel County, the most important part of my job is, and will continue to be, taking care of my students.
A good part of my job includes regularly documenting my students’ baseline activity, progress, academic, medical, and physiological needs. This information is highly sensitive and mandates protection under HIPAA (Health Insurance Portability and Accountability Act) and FERPA (Family Educational Rights and Privacy Act).
I regret to inform the public that on Thursday, January 17, the West Virginia Department of Education notified me that information about my students that I documented throughout the fall of 2018 was repeatedly compromised in a serious data breach. Since learning of the breach and suspected cause, measures are being taken to notify the parents whose information was breached.
According to the department of education, Toni Shute, the superintendent of Brooke County Schools, improperly requested – and was granted – access to my professional email account. This account exists because I am a teacher in West Virginia. Superintendent Toni Shute requested information as far back to August 2017, which is 11 months before I took office as a Brooke County Board of Education member. In addition to the superintendent, the department of education is investigating where any other Brooke County School employees may have participated in this breach.
The department of education explained that county superintendents may request to access their employees’ emails for active investigations. However, what they didn’t seem to know is that I am not an educator in Brooke County. They trusted that Superintendent Shute’s request was for one of her employees. On an almost daily basis beginning October 16 and ending on December 18, Superintendent Shute repeatedly requested and was given all the emails sent and received from my account. She was granted access to all my files saved to my school’s network drive. A significant number of these files contained my students’ protected personal information. Though one email would be too many, the extent to the serious breach man be hundreds of emails and sensitive files. She also received access to all of my files saved to my school’s network drive, which included a significant number of files containing my students’ protected personal information.
I, myself, hold a superintendent certificate, in the state of West Virginia, and graduated from Franciscan University holding two master’s degrees, one of which is in administration. Based on my knowledge and understanding, superintendents are aware of the sensitive and personal information that teachers maintain about their students. As the chief educational leader of any county, a superintendent most certainly should know that requests of this nature or inappropriate, unethical, unauthorized, and impermissible.
As both an educator and a member of the Brooke County Board of Education, I am deeply disturbed by the information provided to me by the Department of Education. My students and their parents should – and do – expect that their child’s personal information will remain confidential. I regret to inform the communities in which I have taught that this information has now been severely compromised.
I will fully cooperate with the department of education to complete its ongoing investigation to determine the full extent of Superintendent Shute’s actions and correct this breach for the students and families infected.
Our citizens have repeatedly asked for transparency. I am committed to being transparent in my service and sharing the background of this serious data breach with the public is in line with that commitment as we restore trust back into Brooke County Schools.
We have reached out to both the state department of education, and Shute. We are waiting on a response from both at this time.
NEWS9 also spoke with Brooke County BOE President Ted Pauls who said tonight’s meeting agenda was set prior to these allegations.