Spotlight on: Learn How to Bolster Your School’s Security. Attend the 2022 Campus Safety Conferences


The Campus Safety Conferences are 2-day intensive conferences for administrators and public safety officials, security, and law enforcement executives from all over the country looking for solutions to their campus safety, security, emergency management, and technology challenges.
Close

San Diego USD Hacked, 10 Years’ Worth of Data Stolen

Officials say that a hacker gained access to the personal information of over 500,000 San Diego Unified students and staff.

San Diego Unified School District experienced a data breach of the personal information going as far back as the 2008-2009 school year.

Personal data of more than 500,000 students and staff was stolen, reports Health Security.

Using a targeted phishing attack through what appeared to be authentic emails, the hacker collected the necessary login credentials to access the personal data.

Over an 11-month period, the hacker gained access to the names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices of students and staff members.

About 50 district employees also had their login credentials stolen during the initial attack. Accompanied by the San Diego Unified Police, officials were able to identify the hacker and reset all accounts.

The breach was discovered by officials in October when staff reported the questionable emails to IT staff. However, the hackers remained on the system throughout the investigation, according to ZdNet.

“It was necessary for our investigation to not immediately tip off those responsible that we were aware of their activities,” officials posted in a breach notice.

Victims of the cyber-attack have now been notified since the first phase of the investigation is complete. The full investigation is on going.

“All individuals affected by the data breach have been notified directly. If a representative from San Diego Unified has not spoken with you directly about the issue, we do not have any evidence your data was altered or affected,” officials said. “Regardless of whether or not you received a notification, we still recommend that you contact credit reporting agencies to notify them of the breach of your information”

For those affected by the attack and who want to make sure they are protected in the future, the notice recommends:

  • Setting up an identity theft/fraud alert
  • Getting free information from your state
  • Ordering a free credit report through cred reporting agencies

More information can be found here.

About the Author

Contact:

Katie Malafronte is Campus Safety's Web Editor. She graduated from the University of Rhode Island in 2017 with a Bachelor's Degree in Communication Studies and a minor in Writing & Rhetoric. Katie has been CS's Web Editor since 2018.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Online Summit Register Now Promo Campus Safety HQ