Thousands of San Diego area students and teachers may be on Christmas break, but that didn’t stop the school district from announcing a major data hack Friday.
San Diego Unified School District, the second largest school district in California, said more than 500,000 students and staff had their personal information accessed through a data breach. Through a phishing attack, an unauthorized user accessed data from as far back as the 2008-2009 school year. The hack also affected 50 district employees.
The data breach certainly affected a lot of people, but it’s the type of info the hackers accessed that’s shocking. Students had their attendance records, health information, discipline history, contact details, and more exposed. Both students and staff had Social Security numbers revealed. Even worse, some staff had viewable paychecks, salary and direct deposit information, and routing and account numbers exposed.
Anyone affected was alerted through email on Friday, just in time for Christmas. Here’s the letter that went out.
The district said it learned about the data breach in October, but they had to hold off on alerting people because, “it was necessary for our investigation to not immediately tip off those responsible that we were aware of their activities.” The investigation is ongoing. Looks like the IT department needs to brush up on its data security practices — especially since school districts are a common target.
Happy credit freezing and fraud alerting, San Diego students, parents, teachers, and staff.