San Diego Unified School District

Fall data breach at San Diego Unified worse than originally thought: District

NBC Universal, Inc.

It turns out, a data breach within the San Diego Unified School District last fall was much worse than first thought.

The district recently released an update on the investigation, saying more personal information was potentially compromised, including social security numbers and bank account information for both current and former employees.

There’s been an uptick in the number of school districts targeted by cybercrime, according to cyber security specialist Jim Stickley.

"Cyber criminals realize [school districts] generally don’t have as big a budget, especially when it comes to protecting themselves or actually having security structure in place," Stickley said.

The school district announced that in October of 2022, someone gained unauthorized access to the computer records of some current and former employees.

Turns out those files also contained social security numbers, driver’s license or state identification numbers, direct deposit account information, health plan information and/or medical information.

"Once a criminal has that information, they have everything they need to become you. So identity theft becomes easy for them," Stickley said.

Stickley suspects the hack was the work of a cyber ransom gang looking to extort money from the district, or worse.

"Their whole goal is, in that case, is to throw it up on the dark web and make money off of it," he said.

While the district did not indicate student information was compromised, Stickley said students are also often targets of illegal data mining.

"By the time they’re old enough to start getting their own credit cards they’ll, for the first time ever, discover their credit is completely trashed by somebody else using their identity years in advance," Stickley explained.

The school district post indicates it’s updating passwords and implementing additional security safeguards. Stickley said that may indicate someone was using the same password over and over, or shared a password.

In these cases, it’s often times human error and remedied with training and education. The district said it has notified anyone who was affected. If you haven’t been contacted by June 15th - but feel you may have been a victim - you can find out by calling San Diego Unified School District's incident response line at 1-855-504-4525.

Contact Us