Phishing Attack on San Diego School District Compromised Data of Over 500,000 Staff and Students


A serious phishing attack on the San Diego School District resulted in the compromise of the private data, including health data, of around 500,000 students and staff.

The school district became aware of the phishing attack only in October 2018, though the breach investigators pointed out that the hacker had been accessing the network since January 2018. The attacker had access to the network for almost one year, until November 2018.

The school district refrained from alerting the hacker of its discovery of the breach. Instead, the incident was further investigated to learn about the nature and extent of the breach. Once the preliminary step of the investigation was done, the network access of the hacker was cut off.

San Diego School District carried out the investigation along with the San Diego Unified Police and tracked down the culprit behind the phishing attack. All impacted staff and student accounts were reset so that unauthorized persons could no longer access them. The attacker allegedly used very realistic phishing emails that redirected misled users to a webpage where they disclosed their account details to the attacker.

To date, this breach is among the major phishing attacks reported. Over 50 district staff email accounts were exposed to the hacker over almost one year.

The types of information exposed during the breach included names, birth dates, phone numbers, home addresses, mailing addresses, state student ID numbers, school attendance data, schedule information, transfer data, Social Security numbers, emergency contact details, legal notices, and medical data. Exposed information of the district staff included paychecks, pay advice, staff medical benefits application data, beneficiary identity information, savings and flexible spending account details, dependents’ identities, tax information, direct deposit bank account names, routing numbers, and payroll and compensation details. The information from school year 2008-2009 was compromised in the attack.

Though there was potential access to data, it is not certain whether the hacker viewed or downloaded any staff or student data. All persons whose information was potentially exposed had been notified. The school district also implemented additional security controls to reduce the likelihood of similar breaches.