San Diego Unified School District said Friday a “phishing” scheme may have released the personal data of 500,000 students over the past decade.
“The district has reason to believe some employee and student personal data may have been compromised through the access or use by an unauthorized individual,” the district said in a statement.
The district said it has alerted approximately 50 employees and families of 500,000 students enrolled between the 2008-09 and 2018-19 school years.
The exposed data was from the district’s student database, which includes personal information such as addresses, phone numbers, Social Security numbers, and information about staff benefits and payroll.
The breach was part of an email phishing effort that dates back to January 2018. It was discovered in October.
The district said it has taken “necessary steps to eliminate the threat to personal data and has implemented improvements to prevent such unauthorized access from reoccurring.”
San Diego Unified Police advised the district’s students, parents, faculty and staff to review their credit information and stay on alert for possible fraud. Residents who believe they may be the victim of fraud due to the breach can contact the district police at (619) 291-7678.
Affected parties also can file fraud claims and receive credit report information with any of the three major credit reporting agencies — Equifax, Experian and TransUnion.
>> Subscribe to Times of San Diego’s free daily email newsletter! Click hereFollow Us: