San Diego District Breach Derails Data of More than 500,000

  • By Dian Schaffhauser
  • 01/10/19

In late December, families in the San Diego Unified School District were notified of a data breach launched through successful phishing emails. The number of affected people totaled more than 500,000, according to the district. A phishing email is an online scam in which a message appears to be from a legitimate source to encourage recipients to click on a link that enables criminals to fraudulently capture the information provided.

The school system estimated that before it was discovered the viewing and copying of some of the personal data had gone on for nearly a year, beginning in January 2018. The incident was uncovered in October by internal IT staff investigating a flurry of phishing emails, which were used to gather log-in information of some 50 staff members throughout the district.

According to the district, school police have also identified a "subject of the investigation" and have blocked stolen credentials.

Among the data exposed:

  • Student and staff names, birth dates, addresses and phone numbers;
  • Enrollment information, including discipline incident, health and attendance data;
  • Social Security numbers and state student ID numbers;
  • Emergency contact information;
  • Staff benefits details, such as beneficiaries and dependents and savings or flexible spending account information; and
  • Payroll and compensation information, including paychecks and direct deposit and tax details.

The data file containing student information dated back to the 2008-2009 school year.

District police and IT staff reported that they've identified the methodology used to breach district systems. All staff members whose accounts were compromised had the security on their accounts reset immediately upon discovery. Additional data security measures have been implemented to help prevent these types of occurrences from happening in the future, they said.

All individuals affected by the breach have been notified by letter and advised to set up identity theft alerts and take advantage of free credit reporting.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • classroom scene with students gathered around a laptop showing a virtual tour interface

    Discovery Education Announces Spring Lineup of Free Virtual Field Trips

    This Spring, Discovery Education is collaborating with partners such as Warner Bros., DC Comics, National Science Foundation, NBA, and more to present a series of free virtual field trips for K-12 students.

  • glowing padlock shape integrated into a network of interconnected neon-blue lines and digital nodes, set against a soft, blurred geometric background

    3 in 4 Administrators Expect a Security Incident to Impact Their School This Year

    In an annual survey from education identity platform Clever, 74% of administrators admitted that they believe a security incident is likely to impact their school system in the coming year. That's up from 71% who said the same last year.

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."

  • pattern of icons for math and reading, including a pi symbol, calculator, and open book

    HMH Launches Personalized Path Solution

    Adaptive learning company HMH has introduced HMH Personalized Path, a K-8 ELA and math product that combines intervention curriculum, adaptive practice, and assessment for students of all achievement levels.