Sweetwater school district reports breach compromising employee, student information
Learn More
The Sweetwater Union High School District in San Diego announced that personal information of students, families, and current and former employees was compromised in a data breach that occurred between February 11 and 12.
The unauthorized individual gained access to the district's computer network and obtained files containing personal information, including
- Social Security numbers,
- names,
- dependent information of employees.
Update - additionally the following data was also found to be exposed:
- phone numbers
- email addresses
- student ID numbers
- grades, transcript
- attendance records,
- discipline records,
- health information,
- payroll information of current and former students and employees.
The district, serving approximately 36,000 middle and high school students, initially withheld information about the breach but later confirmed its occurrence.
The district has not disclosed the exact number of individuals affected nor the nature of the attack.
In April, the district entered into an agreement with a company for its duo multi-factor authentication software so that employees could prevent unauthorized access to district systems. So it seems that the vector of attack is a compromised user account due to weak/shared/recycled password.
Affected employees and parents have received notification letters regarding the breach.
The district stated that it has implemented security measures to prevent future incidents and has hired agencies to investigate the breach and provide security advice.
Additionally, the district is offering a one-year credit monitoring and identity theft protection service to those affected.
