San Diego Unified School District Data Breach (2018)

The San Diego Unified School District said they have alerted employees and families to an incident involving the security of their personal data on the district’s information systems. According to the district they have reason to believe some employee and student personal data may have been compromised through the access or use by an unauthorized individual. Roughly 50 staff members whose accounts were compromised had the security on their accounts reset immediately upon discovery. Families of students whose data may have been accessed have been contacted by the district. The breach is believed to date back to January 2018 and could impact as many as 500,000 students who were enrolled in the district between the 2008-09 and 2018-19 school years, according to district officials. SDUSD Information Technology staff discovered an unauthorized user was gathering network access log-in information from staff and using that information to log into the district’s network services, including the district student database. This happened through “phishing,” a scam technique where a person creates phony emails that appear to be from a legitimate source and contain harmful links. Unfortunately, this type of scam has become widespread throughout the world.