A school district in the United States has suffered a cyber attack in which unknown hackers managed to steal a trove of personal data belonging to over 500,000 staff and students.
The targeted school was San Diego Unified School District in California whose database was accessed by hackers just before Christmas allowing them to steal 10 years worth of personal data.
The breach, according to data breach notification [PDF] from the school was identified on October 28th and took place due to a phishing attack. The stolen data contained highly personal details of students and staff including student ID numbers, full names, dates of birth, home addresses, mailing addresses, phone numbers, and social security numbers, etc.
A full list of stolen data is available below:
1: Student and selected staff personal identifying information, to include: first and last name, date of birth, mailing address, home address, telephone number.
2: Student enrollment information, to include: schedule, discipline incident information, health information, school(s) of attendance, transfer information, legal notices on file, attendance data.
3: Student and selected staff Social Security Number and/or State Student ID Number.
4: Student and staff parent, guardian and emergency contact personal identifying information, to include: first and last name, phone numbers, address (if provided), email address, employer information.
5: Selected staff benefits information, to include: health benefits enrollment information, beneficiary identify information, dependent identity information, savings or flexible spending account information.
6: Selected staff payroll and compensation information, to include: viewable paychecks and pay advice, deduction information, tax information, direct deposit financial institution name, routing number and account number, salary and leave information.
What’s worse is that hackers had access to the servers that would allow them to alter data within the school’s system. Authorities have also acknowledged that some personal data was viewed and copied between January 2018 and November 1, 2018.
“We sincerely regret that, after completing a thorough forensic investigation, we have reason to believe personal data may have been compromised through the access or use by an unauthorized individual. The unauthorized access resulted in the potential viewing of the personal data of some students and staff members. The personal data potentially included social security numbers and other personally identifying information,” SDUSD said.
SDUSD’s data breach came days after NASA informed their staff about the incident in which their personal data was stolen. A few weeks ago, Quora also announced that it suffered a breach in which personal data of 100 million users was stolen while in November, Marriott Hotels revealed that it suffered a cyber attack in which sensitive data of 500 million guests was stolen.
Phishing attacks are increasing and causing business a great deal of damage. Here are 5 tips that will protect you from phishing attacks. Also, it’s time for companies to teach their employees about cybersecurity and luckily, there are a few ways you can teach your employees about cybersecurity, all of which are more accessible than the last.