California’s Morgan Hill Unified School District Announces Data Breach
Table of Contents
- By Steven
- Jan 31, 2023
California schools have been something of a hub for cybercrime in recent months. There have been numerous breaches, like the San Diego Unified School District and the Los Angeles Unified School District, the latter of which went down as the largest education breach in history.
How Did the Attack Occur?
The notice sent to the California State Attorney General’s Office explained that the breach occurred when an unauthorized party accessed an employee's email. “We completed an investigation into an incident involving unauthorized access to an employee’s email account,” reads the notice. “Upon discovering the incident, we immediately took steps to secure the account, a cybersecurity firm was engaged, and an investigation was conducted.”
What Information Was Viewed or Stolen?
As of the time of writing, there is little information available on the breach. The notice states that “evidence did not show which specific emails or attachments were viewed or accessed by the unauthorized actor.” A review was conducted to investigate what information was or may have been accessed. Unfortunately, we are unaware at this time of what these details were, as they were changed on an individual basis and not contained in the district’s notification to the Attorney General.
How Did MHUSD Admit to the Breach?
Morgan Hill Unified School District sent the aforementioned notification to the California Attorney General’s Office and all of the breach’s victims. Each letter detailed the circumstances of the breach and what information could have been accessed. “From the moment that we became aware of the incident, we worked closely with law enforcement and cybersecurity professionals,” reads the notice. “We regret that this occurred and apologize for any inconvenience. To help prevent something like this from happening again, we have taken steps to enhance our existing security measures.”
What Will Become of the Stolen Information?
This is incredibly dependent on what the hacker accessed. It may have been as simple as emails and the names associated with them. It could have been financial information, there may have been sensitive forms involved, or there may even have been files containing medical information or children’s home addresses. Any of these details can be sold; however, some will sell for much more than others. Medical information and diplomas will be high selling and are often a part of identity theft. There is also the heightened risk of abduction, considering the age of most of the likely victims. Every 40 seconds, a child is abducted in the United States, leading to around 840,000 children reported missing each year. We can only hope that addresses were not a part of the accessed information.
What Should Affected Parties Do in the Aftermath of the Breach?
After any beach concerning sensitive personal information, you should file a police report. This will create a paper trail, meaning that if your identity is ever stolen, there will be proof that you were aware of the initial infraction and were taking steps to prevent it. This can also help you fight against any claims a credit card or insurance company (or something of the sort) may have that you have to pay a bill for a service you never received.