San Diego USD Hacked, 10 Years’ Worth of Data Stolen

Officials say that a hacker gained access to the personal information of over 500,000 San Diego Unified students and staff.
Published: December 27, 2018

San Diego Unified School District experienced a data breach of the personal information going as far back as the 2008-2009 school year.

Personal data of more than 500,000 students and staff was stolen, reports Health Security.

Using a targeted phishing attack through what appeared to be authentic emails, the hacker collected the necessary login credentials to access the personal data.

Over an 11-month period, the hacker gained access to the names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices of students and staff members.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

About 50 district employees also had their login credentials stolen during the initial attack. Accompanied by the San Diego Unified Police, officials were able to identify the hacker and reset all accounts.

The breach was discovered by officials in October when staff reported the questionable emails to IT staff. However, the hackers remained on the system throughout the investigation, according to ZdNet.

“It was necessary for our investigation to not immediately tip off those responsible that we were aware of their activities,” officials posted in a breach notice.

Victims of the cyber-attack have now been notified since the first phase of the investigation is complete. The full investigation is on going.

“All individuals affected by the data breach have been notified directly. If a representative from San Diego Unified has not spoken with you directly about the issue, we do not have any evidence your data was altered or affected,” officials said. “Regardless of whether or not you received a notification, we still recommend that you contact credit reporting agencies to notify them of the breach of your information”

For those affected by the attack and who want to make sure they are protected in the future, the notice recommends:

  • Setting up an identity theft/fraud alert
  • Getting free information from your state
  • Ordering a free credit report through cred reporting agencies

More information can be found here.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series