Over 500K School Staff and Students Hit by Breach

Security

The personal data of more than half a million staff and students of San Diego high schools from the past decade is now likely in the hands of hackers, it has emerged.

A statement from the San Diego Unified School District on Friday revealed that unauthorized access was achieved by a simple phishing campaign which compromised 50 staff log-ins back in January.

It was only 10 months later that IT staff detected the intrusion, with the threat finally eliminated on November 1.

Although GDPR regulators require 72-hour mandatory notifications, in the US police often request a delay to give them time to investigate and possibly apprehend the suspect.

An individual has apparently been identified and all stolen credentials are now useless, but the damage has arguably already been done.

Breached data includes: first and last name; date of birth; mailing and home address; phone number; student enrolment info; Social Security and/or State Student ID numbers; contact information on parents, guardians and emergency contacts; and staff benefits and payroll info including routing and account number, tax info, and salary info.

Data is said to go as far back as the 2008-9 school year.

There’s plenty in there for financially motivated cyber-criminals to monetize, not least the Social Security numbers of students.

Over one million US children fell victim to identity fraud in 2017, resulting in losses of $2.6bn, according to Javelin Strategy & Research. It’s thought that because they have limited financial records on file, children offer fraudsters a bigger opportunity to open fake accounts and the like in their name.

The case also highlights the continued threat from phishing: it featured in 93% of all data breaches analyzed by Verizon last year.

Products You May Like

Articles You May Like

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws
Apple patches 51 security flaws
Sacked IT guy annihilates 23 of his ex-employer’s AWS servers
Analysis of a Chrome Zero Day: CVE-2019-5786
Facebook password crisis – what to do? [VIDEO]

Leave a Reply

Your email address will not be published. Required fields are marked *