Have questions not answered on this page? Give us a call: 1-833-221-9226.

Our call center is available Monday - Friday, 9:00 a.m. - 6:00 p.m. EDT and will also be open on Saturday, May 19, from 9:00 a.m. - 6:00 p.m. EDT.

Please note: the call center will be available starting on Friday, May 18, 2018. Thank you for your patience while we work to get the center up and running.

Though we encourage our students to take responsible action, sometimes they make choices that do not reflect our guiding principles. Unfortunately, our students made some poor choices lately, deciding to hack into our student information system, which houses all of our student and family data, and manipulate their personal grades, attendance, and lunch balance information.

We take seriously our responsibility to gather and store your information. Therefore, we have partnered with forensic data experts to pour over our student information system to better understand the access the students gained and the information potentially acquired during their time in our data.

As a result, we now know the full picture of the cyber hack and the Q&A below was put together to share with you what we know and address some of the common questions we believe you'll have.

What Happened?

Bloomfield Hills Schools (“BHS”) is investigating a recent incident involving unauthorized access to the Student Information System (SIS) - “MISTAR”. We have identified a small number of students who are believed to have made unauthorized changes to grades, attendance, and lunch balances for a small number of Bloomfield Hills High School students. The investigation into the full scope of the wrongful conduct is ongoing, and we are looking into potential access to information contained within MISTAR outside of the known unauthorized changes.

With the assistance of a forensic investigator, we determined that a report that may have contained the usernames and passwords for the Parent Portal may have been run. As a precaution, a letter will be mailed to all parents detailing how to change their Parent Portal credentials. Should we determine that additional information contained within MISTAR was accessed without authorization, we will provide impacted individuals with notification.

What is BHS doing as a result of this incident?

Upon learning of the suspicious activity within MISTAR, we immediately launched an internal investigation and a third-party forensic investigator was retained to supplement this investigation. This investigation is ongoing. We are also notifying all potentially impacted individuals of this incident, and will be working directly with the families of the students who had unauthorized changes made to their information.

What does this mean for me?

If your child is in a school other than Bloomfield Hills High School, we do not believe there was any significant impact to your child’s account or your personal information. While we believe the intent of the students was to modify their own grades, attendance, and lunch balance and, perhaps, similar information of those they know personally, our investigation is still ongoing. At this time, all traces of data manipulation point specifically and concretely to approximately twenty students in the high school and those families have individually met with building administrators.

As an extra precaution, we will be resetting all Parent Portal passwords on Friday, May 18, 2018, which will then require all parents/guardians to reset their individual password upon returning to the system. Instructions for resetting your password can be found on our website.

Should I be concerned about my social security number or financial information?

No, you do not need to worry about these data elements, as that information is never stored within the BHS Student Information System (SIS) - “MISTAR”. MISTAR houses information such as: address, telephone number, school picture, grades, attendance, date/place of birth, and other general information teachers and building staff utilize. While lunch balance purchases are logged in MISTAR and additions to a child’s lunch account/balance are made in MISTAR, banking information and credit card numbers are never housed in the system and would therefore not have been accessible.

How did this happen?

While the investigation is still ongoing and our immediate focus is on containing the unauthorized access and securing the system, data experts know that students gained access to the system by exploiting a vulnerability. This vulnerability has been resolved.

What actions will be taken in the future?

The district has already terminated the unauthorized access to the Student Information System. The investigation is still ongoing and our review of all digital safety/security is still underway. That said, modifications will be made as necessary to our internal practices and the district plans to conduct internal staff and student training in addition to what has been provided in the past or is normal, ongoing training. We are committed to using this unfortunate incident to teach our students about digital citizenship and help support them in making better digital decisions. Please use the resources on this website to have a conversation with your child about their responsible use of technology both at home and at school.

What is the discipline for the student(s) who are found to be directly involved?

As is the case with all student disciplinary measures, BHS will not be able to disclose the specific actions ultimately taken, due to student privacy concerns and laws. That said, we take this matter seriously and can assure you that we are working within the full extent of the student code of conduct and applicable law.

What are some steps I can take, now that my information has been impacted?

Although our forensic investigation is ongoing, at this time we do not have any evidence of actual or attempted misuse of your personal information. Nonetheless, there are some steps you can take that are good precautionary steps in any situation.

  1. Do not have the same password for multiple logins. Change your password regularly and make it a challenging password to guess - no pet names, childhood references, or other easily-obtained information. For a good, strong password, use a strong, long sentence.
  2. Make sure you have a good password on your own home internet router system. This will prevent access by someone who is not in your home from using your system for malicious purposes.
  3. Put a pin code or password on any device you personally own and make sure you are logged out before walking away from the device. Do not have iPads and other mobile devices automatically login or remember logins without some other form of verification.
  4. Turn on two-step verification wherever possible and never agree to “allow” a third-party vendor (another app or company) to access your information unless you’ve read through all of the conditions and feel comfortable with how they intend to use your information.

What should I do if I believe my high school child’s grades were changed?

At this time, our administrative team has spoken with all families who have had a modification to their child’s account, based upon the forensic investigation conducted to date. This investigation is ongoing. Should we find that additional unauthorized changes were made, we will reach out to the impacted families and promptly set up a meeting. If you still believe a grade may not be accurate and have not met with the high school administrative team, please contact your child’s school office to setup a meeting with school administration.

How are lunch balance adjustments being corrected?

At this time, our investigation is ongoing regarding the lunch balance adjustments. With the semester coming to a close, our primary concern is on grade adjustments. Once the investigation concludes, we will work within our code of conduct and Michigan State Law to determine the outcome of the lunch theft.

What about the attendance records?

The forensic investigation into the attendance changes is ongoing. This investigation takes a significant amount of manual effort and time. Should a substantive update be warranted by the forensic findings, we will provide an update at the conclusion of the investigation.

What about all of the other things stored in MISTAR?

Our investigation into the full scope of the unauthorized access to MISTAR is ongoing. At this point, we believe that the unauthorized changes made within MISTAR were limited to a small number of students at Bloomfield Hills High School. We are still investigating the scope of any additional unauthorized access to information within MISTAR.

What if I do not remember my MISTAR/Parent Portal PIN?

The district plans to send a mailed copy of this information to all families prior to the Summer Back to School Online Registration window opening online. Please look for this information in the mail. In the meantime, if you find you need faster access, you will need to bring a photo ID to either our Student Services Office (7273 Wing Lake Road, Bloomfield Hills, MI 48301) or your child's school building and they can remind you of your personal PIN number. You need both a PIN number and password to login.

Talking with children about digital citizenship

It's never too early to begin talking with your child about digital citizenship. The following are some tips for starting this conversation with your child.

  • Do you know how involved your child is with the internet and technology? Begin by asking what they know about technology and how they use it.
  • Help your child understand why it's important to keep information private and how posting information online is like a "digital tattoo" that is difficult or impossible to remove.
  • Ask your child what they think it means to use the internet in a responsible and meaningful way and coach them if you think their notions about the internet aren't entirely accurate.
  • Ask your child if they ever feel overwhelmed by the time they spend online or their online behaviors. Often, this can be a window into their emotions surrounding their behavior online. Also, children need help in learning how to set boundaries for the time they spend with technology.

From Common Sense Media: It's Time to Have "The Talk"

You don’t have to be an expert on texting, Instagram, Minecraft -- or whatever else your kids are into -- to have The Talk. Start by reading up on what's going on in your kids’ world (for younger kids and older kids). Ask them to show you what they like online, and why. Make sure to listen :) Then, express a few basic expectations, with the understanding that this isn't a one-and-done kind of chat. Good luck (you’ll be fine)!

To read the full article, please visit the Common Sense Media website.

Password reset instructions