Personal information of over half a million students, teachers, staff members, and parents might have been exposed in a data breach incident that shook California’s second-largest school district.
An official from the San Diego Unified School District (SDUSD) has sent a message to everyone one is affiliated with the school, informing them about a breach. The data that could have been compromised include social security numbers, birth dates, and payroll, benefits.
The breach was first discovered more than two months ago.
According to the preliminary investigation report, it is thought that data breach happened through a phishing attack, in which an unauthorized user accessed data from as far back as the 2008-2009 school year. It is believed that the hack may have also affected 50 district employees.
“We sincerely regret that, after completing a thorough forensic investigation, we have reason to believe personal data may have been compromised through the access or use by an unauthorized individual,” reads the admission by the SAUSD. “The unauthorized access resulted in the potential viewing of the personal data of some students and staff members.
The school authority has informed all victims and has been advised to reset their passwords. Other than that they have implemented extra security measures to resist against similar attacks in the future, SDUSD says.
“School police have identified a subject of the investigation and blocked all stolen credentials. We cannot say more due to the ongoing nature of the investigation,” SDUSD communicates.