San Diego Unified cybersecurity breach affected more people and sensitive data than previously known | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

The San Diego Unified School District says a data breach last fall affected more people and more types of personal data than previously acknowledged.

In addition to students’ medical information, the breach in October affected current and former employees’ sensitive personal data, including Social Security numbers, direct-deposit account information, medical information and more, Dennis Monahan, the district’s executive director of risk services, said the evening of June 2.

SDUSD operates five public schools in La Jolla.

Monahan said additional investigation had revealed those findings in April and that the district had implemented additional security safeguards to help prevent another breach.

“SDUSD takes this incident very seriously and sincerely regrets any concern this may cause,” he said.

The district did not immediately respond to questions about how many people have been affected or notified, whether the investigation is continuing or what specific security safeguards and controls it has put in place.

The disclosure came after the district sent letters to families last month saying the breach had involved students’ names and medical information.

Families were first informed in early December that a third party had accessed some of the district’s systems on Oct. 25. District officials said staff quickly secured the network, launched an investigation and notified law enforcement.

The breach is among several that have threatened California schools recently, including a ransomware attack that prompted an unprecedented systems shutdown in the Los Angeles Unified School District last year and a cybersecurity incident that caused a massive systems outage in the Sweetwater Union High School District early this year.

In his notice June 2, Monahan said anyone whose information may have been involved should remain vigilant and review credit reports and financial account statements for unauthorized activity. If there are any unauthorized charges, contact the bank immediately.

To learn more, contact the district’s dedicated call center at (855) 504-4525 between 8 a.m. and 5 p.m. Mondays through Fridays.

People who suspect they might have been affected but have not received a letter by Thursday, June 15, also should call. ◆


Click Here For The Original Source.

National Cyber Security