More than 500,000 students, parents and staff members of San Diego Unified School District may have had their personal information exposed in a data breach earlier this year, district officials announced Friday.
The breach, which was discovered in October, may have exposed a range of personal information including Social Security numbers, names, birth dates and addresses of students, according to KTLA sister station KSWB in San Diego. Student information including schedules, disciplinary records and health details also could have been accessed.
The breach additionally exposed parent and emergency contact records, including names, addresses, phone numbers and employer information. Staff member’s banking details — including routing and account numbers — plus payroll and benefit information were also involved.
The district was in the process of notifying every person affected Friday. Officials said they waited to alert families until December “to not immediately tip off those responsible that we are aware of their activities.”
The full letter notifying families of the breach can be found here.
San Diego Unified said the information dated back to the 2008-2009 school year, encompassing more than 500,000 people. Another 50 district employees had their information compromised.
The breach occurred at some time between January and November this year, officials said.
New security measures have been put in place and personal information was no longer under threat, according to SDUSD.
San Diego Unified police and the district’s information technology staff said the breach was made through a phishing scheme, in which victims are tricked into revealing confidential information through a deceptive email.
Investigators are still trying to determine who is responsible for the breach.