This year has already seen a number of high-profile hacks and data breaches, involving everything from Panera to Facebook. And it’s apparently not over just yet.
In so many of these 2018 incidents, hundreds of thousands or even millions of records have been compromised. Just take a look at the recent Marriott-Starwood hotel chain breach that impacted about 500 million guests.
And here we go again. This time, a school district was hacked and the stolen information involves half a million students and staff members.
A yearlong hack
Just before Christmas break began last week, the San Diego Unified School District in California posted information about a breach to its website. According to ZDNet, a hacker stole the personal details of over 500,000 students and staffers from the past 10 years.
This incident involved phishing, which involves a hacker sending emails that look authentic but instead redirect recipients to fake login pages. Once a user tries to log into the fake pages, the hacker can steal their credentials. The emails raised a red flag for some staff members in October, who reported them to the school district’s IT staff.
Bonus: Clever new phishing attack is hitting Office 365 accounts
School officials determined that someone had access to their network since the beginning of 2018, but the stolen data actually goes all the way back to the 2008-2009 school year. They allowed the hacker to continue, while San Diego police and IT staff worked to find the suspect. Their plan worked and the culprit was identified.
The stolen information
Even though the hack had ended, officials believe the suspect had previously gained access to over 50 district employee accounts. Those accounts have been reset, but unfortunately, the damage was already done. The school district reports the following information was compromised:
- Student and selected staﬀ personal identifying information, including ﬁrst and last name, date of birth, mailing address, home address, telephone number;
- Student enrollment information, including schedule, discipline incident information, health information, school(s) of attendance, transfer information, legal notices on ﬁle, attendance data;
- Student and selected staﬀ Social Security number and/or State Student ID Number
- Student and staﬀ parent, guardian and emergency contact personal identifying information, including ﬁrst and last name, phone numbers, address (if provided), email address, employer information;
- Selected staﬀ beneﬁts information, including health beneﬁts enrollment information, beneﬁciary identify information, dependent identity information, savings or ﬂexible spending account information;
- Selected staﬀ payroll and compensation information, including viewable paychecks and pay advances, deduction information, tax information, direct deposit ﬁnancial institution name, routing number and account number, salary and leave information
The hacker could not only access but also alter data. The district is not sure if the data was actually viewed or copied. Read the full release here
What to do if you’re the victim of a data breach
If your information is out there because of this or any other data breach, be careful. Other scammers might try to piggyback on a breach like this and call you, pretending to be from the affected organization so they can steal additional info.
It’s also a good idea to check up on your other online accounts and passwords. If you use the same password for multiple accounts, we can show you how to replace them with unique alternatives or make use of a password manager. Click or tap here to find out more
Bonus: List ranks worst passwords you really need to stop using right now
Check your banks statements as well, and look for any suspicious activity. In extreme cases, you can also put a credit freeze on your accounts. Click here to find out how