Info on Over 500,000 Students and Staff Exposed in San Diego School District Hack (Dec 22, 2018)
Over half a million students going back to 2008-2009, their parents, and staff in the San Diego Unified School District (SDUSD) are believed to have been affected by a data breach. An unauthorized user sent phishing emails to staff to obtain login credentials for the district's network services. The unknown threat actor had access to information such as dates of birth, home addresses, mailing addresses, names, social security numbers, staff benefits information, staff payroll and compensation figures, student ID numbers, and telephone numbers. In addition, student enrollment information such as schedules, health data, schools of attendance, transfer information, recorded legal notices, and attendance data was accessible, as well as data on students' parents or guardians and the emergency contacts of the district's employees. It is not clear what the threat actor did with the information, but they were able to access it for an extended period of time, from January 2018 until November 2018. According to the district, it discovered the intrusion in October but did not disclose it until now so that it could investigate without alerting the threat actor.
Recommendation: The district has blocked all stolen credentials and forced all students, parents, and staff to reset their passwords. Leaks of this sort put individuals at high risk of phishing attacks, because actors can use the exposed information to coerce more personal data from the victim. Users should also monitor their credit to make sure that nothing out of the ordinary is happening and that no identity fraud is being committed.