A phishing attack on California's second-largest school district resulted in a breach of student, staff, and parental records dating back 10 years.
A phishing attack against the San Diego Unified School District has led to hackers scooping up Social Security numbers and addresses of more than 500,000 students and staff.
The district became aware of the breach Oct. 2018. The actual breach occurred between January 2001 and November 2018, a spokesperson said. The district reported that it was first alerted to “multiple reports of phishing emails,” which were used to gather log-in information of staff members throughout the district.
Hackers then used that log-in data to access the social security numbers and first and last names of student and staff, as well as their date of birth, mailing address, home address and phone number.
“The data file contained information on students dating back to the 2008-09 school year, or more than 500,000 individuals,” according to a notification on the San Diego Unified School District’s website on December 21, 2018.