Cyber Incident Victim: Arkansas State University

In June 2014, Arkansas State University (A-State) disclosed a data breach impacting approximately 50,000 early childhood practitioners affiliated with the Traveling Arkansas Professional Pathways (TAPP) Registry. Unauthorized individuals gained access to databases containing full and partial Social Security numbers tied to the registry. The compromised systems specifically housed information for professionals participating in TAPP, a program focused on childhood development services. A-State clarified that no data belonging to its general student body, faculty, or staff—excluding those enrolled in TAPP—was exposed during the incident. The breach occurred during a transitional period, as A-State had been transferring TAPP Registry files to the Arkansas Department of Human Services (DHS) since December 2013, with DHS scheduled to assume full control of the registry the following month.

The Arkansas Department of Human Services alerted A-State to the breach, prompting immediate containment measures. University administrators took affected computer servers offline and disabled the TAPP website to prevent further unauthorized access while an external security consultant investigated the intrusion. Notifications were issued to all individuals whose Social Security numbers were exposed, though A-State’s Chief Information Officer Henry Torres confirmed no evidence of malicious misuse of the compromised data at the time of disclosure. The university emphasized that the breach exclusively involved TAPP Registry participants and did not extend to other institutional systems or non-TAPP individuals. Service disruptions were limited to the TAPP program during the investigation, with DHS proceeding with its planned July 2014 takeover of registry operations following the security incident.