Over 500k students and workers have been affected by this incident
Personal information belonging to more than 500k employees and students from the academic institutions of San Diego, California, could have been stolen by malicious actors, as reported by cybersecurity experts from the International Institute of Cyber Security.
Through a statement, the San Diego School District reported that this incident, described as an “unauthorized access”, was carried out through a simple phishing campaign in which the access keys of about 50 employees were compromised in several schools last January. Cybersecurity personnel from academic institutions took about 10 months to detect the incident.
In the case of the European Union’s General Data Protection Regulation (GDPR), it is required that the organizations report this kind of incidents within the next 72 hours to their discovery. On the other hand, U.S. legislation about data breaches establishes that organizations can apply for a time extension to conduct their own research, as reported by cybersecurity experts.
Apparently, one of the responsible individuals has already been identified, and all the compromised access credentials have been dismissed, although this does not mean that the attackers have not been able to access personal information stored by the schools.
According to cybersecurity specialists, compromised data include full names, birth dates, social security numbers, California State student identification keys, parent/guardian data, payroll information of school staff, and even tax details and salary information. Many of these data could be of great use to some cybercriminal.
Several security firms reported that over one million children in the United States were victims of identity fraud during 2017, resulting in losses of around $2.6M USD. According to experts in cybersecurity, given the limited or null financial records that a child has, it is very easy for criminals to open fake bank accounts on behalf of the infants, among other similar activities. In this incident also highlights the importance of phishing for cybercriminals, since, according to estimates of multiple security signatures, phishing is a common element in most data breaches, because about 90% of these incidents start with fraudulent email campaigns.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.