San Diego Unified School District recently reported a data breach that affected more than 500,000 students and staff members. According to the official statement, a phishing scam led to unauthorized access to the staff’s log-in information, including the network services and students’ database.
The security officials at the school district stated they discovered the breach in October 2018. It’s believed that the incident occurred between January 2018 and November 2018. The school district declared the compromised students’ information included social security numbers, names, date of birth, mailing address, home address, attendance records, ID numbers, and phone numbers. Some staff members’ information like payroll, deduction information, tax information, direct deposit financial institution name, account number, salary, and leave information was also compromised.
“We sincerely regret that, after completing a thorough forensic investigation, we have reason to believe personal data may have been compromised through the access or use by an unauthorized individual. The unauthorized access resulted in the potential viewing of the personal data of some students and staff members. The personal data potentially included social security numbers and other personally identifying information,” SDUSD said in a statement.
“The data file contained information on students dating back to the 2008-09 school year or more than 500,000 individuals. For that reason, all of those individuals have been notified of the incident. Additionally, some 50 district employees had their log-in credentials compromised as part of the phishing operation. All students and staff who had their information accessed have been alerted by district staff,” the statement added.
SDUSD announced that it has introduced additional data security measures to prevent future threats. It also notified all the victims about the incident and suggested to reset their log-in credentials.