Another California School District Faces A Massive Data Breach
Table of Contents
- By Steven
- Published: Dec 23, 2022
- Last Updated: Dec 23, 2022
We’re sure we all remember the Los Angeles Unified School District hack. It was all over news stations for weeks as the teachers, students, and parents dealt with the largest education data breach in history. Now, the San Diego Unified School District has also faced a data breach; this time, it seems to have affected a much smaller number of people.
How Did the Attack Occur?
This attack had a much better outcome than the last Unified School District breach. This attack was a system hack, while the other was ransomware. Another differing factor is that this breach only affected current and former employees instead of students being thrown into the mix. We know this may sound odd, as school employees are already overworked and underappreciated, and we don’t mean to demote their importance in any way. But anyone who enjoys their work in the education system will tell you they’d rather become victims as adults than have children victimized before they can do anything about it.
What Information Was Viewed or Stolen?
The hacker couldn’t access nearly as much information in the SDUSD breach as the hackers responsible for the LAUSD breach did. The attacker accessed social security numbers, names, direct deposit information, and health insurance details. We know the list seems short, but the information the hacker accessed is incredibly sensitive and can have a detrimental effect on the victims.
How Did SDUSD Admit to the Breach?
SDUSD sent notifications to the affected employees and a mandatory notice to the California State Attorney General. The press has also gained hold of the story, so San Diego news outlets have been blowing up with information on the breach. The timeline of the breach has been a hot topic, however. It took weeks for the school to initially notify employees and student families. It took almost two months after the breach occurred for the district to alert the Attorney General.
What Will Become of the Stolen Information?
We wish we could offer some sweeter information, but breaches like this are far too common for us to be unaware of the consequences. The hacker is most likely going to sell the information. It might not sound like that big of a deal, but the seller can sell to as many people as they want. There is no honor among thieves; they don’t care about selling the same data seven times because they’ll make seven times the money. Therefore, there is no way to know how many people have access to your information, let alone what they plan to do with it.
What Should Affected Parties Do in the Aftermath of the Breach?
“Following the incident, we have implemented additional security measures to enhance our existing cybersecurity protocols,” reads the filing with the Attorney General’s Office. “Additionally, we are offering you a complimentary one-year membership to Experian’s® IdentityWorksSM.” This service offers credit monitoring to the victims, though we also recommend investing in device monitoring software to keep you, your loved ones, and your information safe.