San Diego School District Data Breach Hits 500k Students

A phishing attack on the data breach of the social security numbers, addresses, and more.

A Phishing Attack Against California San Diego Unified School Districts has been hijacked up to 500,000 students and staff.

The district became aware of the breach Oct. 2018. The actual breach occurred between January 2001 and November 2018, the spokesperson said. The district reported that it was first alerted to "multiple reports of phishing emails," which were used to gather log-in information from staff members throughout the district.

Hackers then used that log-in to the social security numbers and first and last names of student and staff, and their date of birth, mailing address, home address and phone number. and phone number.

2008-09 school year, or more than 500,000 individuals, according to the San Diego Unified School District's website Friday. "For that reason, all 50 district employees had their log-in credentials compromised as part of the phishing operation ."

The San Diego Unified School District serves more than 121,000 students and is the second largest school district in California.

Other accessed information included:

-Student enrollment information like schedule, incident discipline information, health information

-Student and selected staff Student State Number Number

-Student and staff parent, guardian and emergency contact person identifying information (including first and last name, phone numbers, address, email address, employer information)

-Selected staff benefits information

-Selected staff payroll and compensation information (including viewable paychecks and pay advice, deduction information, tax information, direct deposit

The district said that police have identified "a subject of the investigation" and blocked all stolen credentials; however, they could not comment on the nature of the investigation. Meanwhile, staff members whose accounts have been compromised.

The San Diego Unified School District did not immediately respond to a request for comment from Threatpost.

Earlier this month, hackers launched a phishing attack against the Cape Cod Community College, and made with at least $ 800,000 from the school's accounts, according to the Boston Globe

Phishing has continued to be an easy - but effective - tactic for hackers to access credentials and use them to log in to systems. In fact, the technique has increased in popularity during the holiday season, according to researchers at Proofpoint.

The best way to counter this technique, according to Tim Erlin, vice president of product management and strategy at Tripwire, is to have complete and comprehensive logs from all systems.

"Phishing remains a major avenue for initial compromises," he said in an email. "When planning security controls, it is important to consider not only what an attacker might do, but also what an attacker with authorized access can do."