San Diego District Breach Derails Data of More than 500,000
- By Dian Schaffhauser
In late December, families in the San Diego Unified School District were notified of a data breach launched through successful phishing emails. The number of affected people totaled more than 500,000, according to the district. A phishing email is an online scam in which a message appears to be from a legitimate source to encourage recipients to click on a link that enables criminals to fraudulently capture the information provided.
The school system estimated that before it was discovered the viewing and copying of some of the personal data had gone on for nearly a year, beginning in January 2018. The incident was uncovered in October by internal IT staff investigating a flurry of phishing emails, which were used to gather log-in information of some 50 staff members throughout the district.
According to the district, school police have also identified a "subject of the investigation" and have blocked stolen credentials.
Among the data exposed:
- Student and staff names, birth dates, addresses and phone numbers;
- Enrollment information, including discipline incident, health and attendance data;
- Social Security numbers and state student ID numbers;
- Emergency contact information;
- Staff benefits details, such as beneficiaries and dependents and savings or flexible spending account information; and
- Payroll and compensation information, including paychecks and direct deposit and tax details.
The data file containing student information dated back to the 2008-2009 school year.
District police and IT staff reported that they've identified the methodology used to breach district systems. All staff members whose accounts were compromised had the security on their accounts reset immediately upon discovery. Additional data security measures have been implemented to help prevent these types of occurrences from happening in the future, they said.
All individuals affected by the breach have been notified by letter and advised to set up identity theft alerts and take advantage of free credit reporting.
Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at firstname.lastname@example.org or on Twitter @schaffhauser.