What would the end of 2018 be without a new data breach? The latest comes from the San Diego Unified School District. A hacker has made off with the personal data of over 500,000 staff and students of the San Diego Unified School District. The district conducted a forensic investigation and have strong suspicions that the data was indeed compromised. The personal data could include everything from social security numbers to full names and date of birth.
The San Diego Unified School District says they have sent emails to all potentially impacted individuals. The district says they have taken
SDUSD Information Technology staff discovered an unauthorized user was gathering network access log-in information from staff and using that information to log into the district’s network services, including the district student database.
This happened through “phishing,” a scam technique where a person creates phony emails that appear to be from a legitimate source and contain harmful links. Unfortunately, this type of scam has become widespread throughout the world.
The viewing or copying of some personal data was possible or occurred between January 2018 and November 1, 2018. Staff became aware of the issue in October 2018.
The district says, while the incident was ongoing since January and was discovered in October. They withheld any announcements so they could conduct the investigation without alerting the hacker. “The incident was uncovered by district Information Technology professionals investigating multiple reports of phishing emails, which were used to gather log-in information of staff members throughout the district.”
Here’s a rundown of everything that was affected by the data breach/hack:
- Student and selected staff personal identifying information, to include: first and last name, date of birth, mailing address, home address, telephone number;
- Student enrollment information, to include: schedule, discipline incident information, health information, school(s) of attendance, transfer information, legal notices on file, attendance data;
- Student and selected staff Social Security Number and/or State Student ID Number
- Student and staff parent, guardian and emergency contact personal identifying information, to include: first and last name, phone numbers, address (if provided), email address, employer information;
- Selected staff benefits information, to include: health benefits enrollment information, beneficiary identify information, dependent identity information, savings or flexible spending account information;
- Selected staff payroll and compensation information, to include: viewable paychecks and pay
advices, deduction information, tax information, direct deposit financial institution name, routing number and account number, salary and leave information;
The San Diego Unified School District says they have identified the methodology used to breach their systems. Staff members whose accounts were compromised have had their accounts reset. The district is implementing additional security measures.Source: SDUSD