The personal information of San Diego Unified students, former students and employees may have been compromised in a data breach that officials believe happened in January, the school district said Friday.
The breach could affect as many as 500,000 students who attended San Diego Unified schools as far back as the 2008-09 school year, officials said.
The breach may have included information about students and staff such as addresses and dates of birth, discipline, health, scheduling and grade information, according to an email sent to school families on Friday. Social Security numbers were also affected.
About 50 staff members’ accounts are known to have been compromised and have been reset, according to the district.
“The San Diego Unified School District has taken the steps necessary to eliminate the threat to your personal data and implement improvements to prevent such unauthorized access from happening again,” the district said in the email.
In October, information technology staffers were investigating phishing emails that collected log-in information from district staff.
“When we determined it was unauthorized access, we began working with school police, which was right away,” said Toren Allen of the district’s integrated technology department.
The district did not publicly announce the breach until now to avoid compromising the investigation, Allen said.
“We couldn’t communicate until some of the details were able to be picked up during the investigation,” Allen said.
A suspect has been identified, Allen said, but he would not give any details.
The district’s police department is leading the investigation.
Taketa writes for the San Diego Union-Tribune.