Security Affairs
Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

San Diego School District (SDUSD) security breach exposed data of 500,000 students and staff

Personal information belonging to over 500,000 students and 50 district employees were exposed in the San Diego School District (SDUSD) security breach. An attacker sent spear-phishing to SDUSD personnel with the intent of trick them into revealing credentials to access the district’s network services. The attacker accessed personal information of student and staff, including names, […]

San Diego Unified School District SDUSD

Personal information belonging to over 500,000 students and 50 district employees were exposed in the San Diego School District (SDUSD) security breach.

An attacker sent spear-phishing to SDUSD personnel with the intent of trick them into revealing credentials to access the district’s network services.

The attacker accessed personal information of student and staff, including names, dates of birth, mailing and home addresses, telephone numbers, social security numbers and/or state student ID numbers.

The hacker also accessed schedule, health data, schools of attendance, transfer information, recorded legal notices, and attendance data.

Exposed info include data about the students’ parents or guardians, emergency contacts of the district’s employees and staff benefits information (health benefits enrollment information, beneficiary identify information, dependent identity information, savings or flexible spending account information),

Both students and employees had Social Security numbers exposed, the hacker also accessed for some staff paychecks, salary and direct deposit information, routing and account numbers, deduction information, tax information.

San Diego Unified School District SDUSD

The district discovered the data breach in October, but did not immediately alert affected people because “it was necessary for our investigation to not immediately tip off those responsible that we were aware of their activities.” The breach is believed to date back to January 2018, this means that the hacker accessed the information for 12 months.

The investigation is still ongoing and affected people are being notified via email, according to the SDUSD the law enforcement identified a subject of the investigation and blocked all stolen credentials.

In response to the incident, the staff members whose accounts were compromised had their passwords reset. SDUSD announced the implementation of extra security measures to avoid such kind of incident in the future.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – SDUSD , data breach)

[adrotate banner=”5″] [adrotate banner=”13″]