San Dieguito high school district warns of employee email breach

Incident predates malware attack on parent access portal


Computer code. (Photo by Markus Spiske, Unsplash)

North Coast Current

The San Dieguito Union High School District announced May 14 that an unknown party gained access to employee email accounts last summer, an incident that predates an August 2019 malware attack on the district’s parent access portal.

The district announced the breach to notify regulators and those potentially affected by the incident.

“The unauthorized access occurred between July 1, 2019 to July 17, 2019,” the district stated in its announcement. “SDUHSD undertook a lengthy and labor-intensive process to identify the personal information contained in the affected email accounts.”

The district launched an investigation after after it became aware of odd activity related to some employees’ accounts, officials explained. Working with forensic experts, they learned of the unauthorized access.

Exposed information included names, Social Security numbers, financial account numbers, medical information, driver’s licenses and state identification numbers, passport numbers, and account logins, the district reported.

“While the investigation was unable to determine the scope of information that was actually accessed within the affected email accounts, SDUHSD is notifying potentially affected individuals in an abundance of caution,” the statement read.

The district has enacted security measures o protect the data on their systems and continues to assess and update security measures and training to safeguard privacy and security, according to the statement. San Dieguito is also offering cost-free access to credit monitoring and identity protection services to affected individuals.

The email breach occurred before an attack on the San Dieguito Union High School District’s parent access portal.

On Aug. 9, 2019, the Aeries Parent Portal was temporarily disabled after an attempted malware attack, hindering student enrollment and registration, the district reported at the time. The portal was back online by Aug. 19.

The district’s May 14 statement regarding the email breach did not address whether the incidents could have been related.

encinitas current, cardiff current