Over 500k students and workers have been affected by this incident
Personal information belonging to more than 500k employees and students from the academic institutions of San Diego, California, could have been stolen by malicious actors, as reported by cybersecurity experts from the International Institute of Cyber Security.
Through a statement, the San Diego School District reported that this incident, described as an “unauthorized access”, was carried out through a simple phishing campaign in which the access keys of about 50 employees were compromised in several schools last January. Cybersecurity personnel from academic institutions took about 10 months to detect the incident.
In the case of the European Union’s General Data Protection Regulation (GDPR), it is required that the organizations report this kind of incidents within the next 72 hours to their discovery. On the other hand, U.S. legislation about data breaches establishes that organizations can apply for a time extension to conduct their own research, as reported by cybersecurity experts.
Apparently, one of the responsible individuals has already been identified, and all the compromised access credentials have been dismissed, although this does not mean that the attackers have not been able to access personal information stored by the schools.
According to cybersecurity specialists, compromised data include full names, birth dates, social security numbers, California State student identification keys, parent/guardian data, payroll information of school staff, and even tax details and salary information. Many of these data could be of great use to some cybercriminal.
Several security firms reported that over one million children in the United States were victims of identity fraud during 2017, resulting in losses of around $2.6M USD. According to experts in cybersecurity, given the limited or null financial records that a child has, it is very easy for criminals to open fake bank accounts on behalf of the infants, among other similar activities. In this incident also highlights the importance of phishing for cybercriminals, since, according to estimates of multiple security signatures, phishing is a common element in most data breaches, because about 90% of these incidents start with fraudulent email campaigns.