Updated, 10:50 a.m. Oct. 15:
A representative of Apex Solutions, the company that owns the job application website used by District 202, on Monday said the security breach happened when someone used an authorized District 202 acount to access the district's employment application database.
"AppliTrack was not hacked," Keith Westman, Apex's vice president of sales and marketing, said in an email. "Someone used an authorized Plainfield 202 username and password to access their database of employment applications to send an obscene email."
Westman said the district is working to determine how either an internal or external individual obtained the username and password.
"We worked with Plainfield 202 over the weekend to assist them in their investigation and to offer any assistance we could," Westman said. "The website, www.applitrack.com, exceeds every security standard and takes very seriously the security of the data entrusted to our service."
Anyone who applied online for a job in District 202 over the last few years got a nasty surprise on Saturday, after a hacker breached security on a website used by the district for employment applications.
On Saturday, current and past applicants received an “inappropriate and offensive message” from whoever hacked into the online job application system, Community Relations Director Tom Hernandez said.
He said messages were received by “tens of thousands” of people, putting the latest estimate at about 23,000.
One past job applicant said she got a message Saturday titled “Plainfield School District 202 has had a security breach.”
The message, which addressed the applicant by name, contained a racial slur and boasted about hacking into the system.
Hernandez said District 202 officials have been in touch with the company that owns the website, www.applitrack.com.
The website was shut down early Saturday evening, according to a message sent out by the district Saturday night. Hernandez said school district officials are still working with the company to determine exactly how much information was compromised.
“What I can say with certainty is that it did not gather [social security numbers] because we don’t ask for that on job applications,” he said.
Hernandez said the district believes the same hacker was behind a similar internal attack on District 202 systems.
“Our website was hacked in the past and we addressed those security issues,” he said.
District 202 has contacted local police, along with the FBI, Hernandez said.
“We plan to prosecute to the fullest extent possible,” he said.
On Saturday night, the district sent out an automated message notifying the District 202 community.
“This system is not part of District 202's network, therefore, we do not control it. However we are working with the company that runs the system to determine the scope of the problem and resolve the issue. The website has been shut down as of about an hour ago.
"We have also contacted the police and FBI and plan to prosecute the responsible party to the fullest extent of the law. We will update this message when new information becomes available. Our sincere apologies to those who were affected by this security breach and to everyone for this intrusion into your Saturday evening,” the message read in part.