IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

San Diego Schools Hack Worse Than Initially Believed

A cybersecurity breach at San Diego Unified School District in October 2022 not only affected student medical information but also employees' Social Security numbers, bank account information, medical data and more.

A gloved hand coming out a laptop screen and stealing a credit card from a wallet sitting in front of the laptop.
Shutterstock
(TNS) — A data breach at the San Diego Unified School District last fall affected more people and more types of personal data than previously acknowledged, the district said Friday evening.

In addition to students' medical information, the breach in October also affected current and former employees' sensitive personal data, including Social Security numbers, direct deposit account information, medical information and more, said the district's executive director of risk services, Dennis Monahan.

He said additional investigation had revealed those findings in April, and that the district had implemented additional security safeguards to help prevent another breach. "SDUSD takes this incident very seriously and sincerely regrets any concern this may cause," he said.

The district did not immediately respond to questions about how many people have been affected or notified, whether the investigation is ongoing or what specific security safeguards and controls it has put in place.

The disclosure comes after the district sent letters to families last month saying the breach had involved students' names and medical information.

Families were first informed in early December that a third party had accessed some of the district's systems on Oct. 25. District officials said staff quickly secured the network, launched an investigation and notified law enforcement.

The breach is among several that have threatened California schools recently, including a ransomware attack that prompted an unprecedented systems shutdown in Los Angeles Unified School District last year and a cybersecurity incident that caused a massive systems outage in Sweetwater Union High School District early this year.

In his notice Friday evening, Monahan said that anyone whose information may have been involved should remain vigilant and review their credit reports and financial account statements for unauthorized activity, and if they see unauthorized charges, they should contact their bank immediately.

People with questions can also call the district's dedicated call center at 1-855-504-4525 between 8 a.m. and 5 p.m. Monday through Friday.

Anyone who suspects they might have been affected but has not received a letter by June 15 should also call.

©2023 The San Diego Union-Tribune. Distributed by Tribune Content Agency, LLC.