California’s San Diego Unified School District has suffered a phishing attack that leaked data of 500000 students and staff. The data comprised of security numbers, addresses, names, and other sensitive personal information. The incident occurred between January 2018 and November 2018, but the IT staff became aware of it only in October 2018.
The hackers who launched the attack used phishing emails that helped them get their hands on user login credentials. Then, by using these credentials, they gained access to information such as social security numbers, state student ID number, first and last names, dates of birth, health information, tax information, salary, and direct deposit financial institution names, email addresses, home addresses, and phone numbers. In total, the data file that was breached contained information of more than 500000 individuals, and even students and staff that had completed their studies back in the 2008-09 year.
The San Diego School has notified all individuals that had their information accessed to change their log-in credentials. The compromised accounts were reset by the police and information technology staff upon the discovery of the breach anyway, and now new data security measures have been implemented in order to minimize the chance of this happening again in the future. The school also suggests that all people place an identity theft/fraud alert and freeze their credit cards by alerting the credit reporting agencies.
The San Diego Unified Police and the IT staff of the school have supposedly identified the people responsible for the phishing attack but decided not to disclose specific information just yet, as the investigation is still ongoing. Phishing attack hackers find that school databases are lightly guarded “treasuries”, and seem to target them a lot lately. Earlier this month, a similar phishing attack was launched against the Cape Cod Community College, with the hackers getting their hands to over $800k from the school’s bank accounts! The holiday season which makes gift cards more believable makes the whole process even easier for these hackers.
How do you check the legitimacy of a holiday coupon offer that arrives in your inbox? Let us know in the comments below, and also take part in our online social community discussions on Facebook and Twitter.