San Diego School District (SDUSD) security breach exposed data of 500,000 students and staff
Personal information belonging to over 500,000 students and 50 district employees were exposed in the San Diego School District (SDUSD) security breach.
An attacker sent spear-phishing to SDUSD personnel with the intent of trick
them into revealing credentials to access the district’s network services.
The attacker accessed personal information of student and staff, including
names, dates of birth, mailing and home addresses, telephone numbers, social
security numbers and/or state student ID numbers.
The hacker also accessed schedule, health data, schools of attendance, transfer
information, recorded legal notices, and attendance data.
Exposed info include data about the students’ parents or guardians,
emergency contacts of the district’s employees and staff benefits information
(health benefits enrollment information, beneficiary identify information,
dependent identity information, savings or flexible spending account
information),
Both students and employees had Social Security numbers exposed, the hacker also accessed for some staff paychecks, salary
The district discovered the data breach in October, but did not immediately
alert affected people because “it was necessary for our investigation to
not immediately tip off those responsible that we were aware of their
activities.” The breach is believed to date back to January 2018, this
means that the hacker accessed the information for 12 months.
The investigation is still ongoing and affected people are being notified
via email, according to the SDUSD the law enforcement identified a subject of the investigation and blocked
all stolen credentials.
In response to the incident, the staff members whose accounts were
compromised had their passwords reset. SDUSD announced the implementation of
extra security measures to avoid such kind of incident in the future.
|
|
(SecurityAffairs – SDUSD , data breach)
The post San Diego School District (SDUSD) security breach exposed data of 500,000 students and staff appeared first on Security Affairs.