Cybersecurity News

San Dieguito Union High School District – Notice Of Data Breach

ENCINITAS, Calif., May 14, 2020 /PRNewswire/ — Although it has no confirmation that personal information was acquired without authorization, San Dieguito Union High School District (“SDUHSD”) announced today that it has taken action after becoming aware of an incident in which an unknown third party gained access to certain employee email accounts. Out of an abundance of caution, SDUHSD is providing notice of this event to potentially impacted individuals as well as certain regulators.

What Happened? SDUHSD became aware of unusual activity related to certain employees’ email accounts. SDUHSD immediately launched an investigation, with the aid of forensic experts, to determine the nature and the scope of the activity. SDUHSD learned of unauthorized access to certain employees’ email accounts. The unauthorized access occurred between July 1, 2019 to July 17, 2019. SDUHSD undertook a lengthy and labor-intensive process to identify the personal information contained in the affected email accounts. Since SDUHSD confirmed the individuals impacted by this event, SDUHSD has worked to obtain mailing addresses for the impacted individuals where possible. While the investigation was unable to determine the scope of information that was actually accessed within the affected email accounts, SDUHSD is notifying potentially affected individuals in an abundance of caution.

What Information Was Involved? While SDUHSD was unable to confirm whether any information was accessed or acquired by the unauthorized individual, the investigation confirmed that the following types of information were present in the affected email accounts: name, address, Social Security number, driver’s license/state identification number, passport number, financial account number, diagnosis information, medical information, health insurance information, and username/password/account login.  

What We Are Doing. SDUHSD takes this incident and the security of personal information in their care very seriously. SDUHSD has security measures in place to protect the data on their systems and they continue to assess and update security measures and training to their employees to safeguard the privacy and security of information in their care. As an added precaution, SDUHSD is offering affected individuals access to credit monitoring and identity protection services at no cost.  Because SDUHSD has insufficient contact information for some of the individuals whose information may be contained in the affected email accounts, it is providing notice to potentially impacted individuals by way of a notification published to certain state media outlets. SDUHSD is mailing notice letters to those individuals for whom it has confirmed mailing address information. SDUHSD is also notifying regulatory authorities, as required by law.  

For More Information. Individuals who may have questions about the incident, may contact our dedicated call center at 1-844-963-2715 Monday through Friday from 8:00 a.m. to 5:30 p.m. CT, or visit SDUHSD’s website at sduhsd.net. 

What You Can Do. SDUHSD encourages individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious activity. Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.

Individuals have the right to place a “security freeze” on their credit report, which will prohibit a consumer reporting agency from releasing information in their credit report without an individual’s expressed authorization. The security freeze is designed to prevent credit, loans, and services from being approved in an individual’s name without their consent. However, individuals should be aware that using a security freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or applications made regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, individuals cannot be charged to place or lift a security freeze on their credit report. Should individuals wish to place a security freeze, please contact the major consumer reporting agencies listed below:

Experian

PO Box 9554

Allen, TX 75013

1-888-397-3742

www.experian.com/freeze/center.html

 

TransUnion

P.O. Box 160

Woodlyn, PA 19094

1-888-909-8872

www.transunion.com/credit-freeze

Equifax

PO Box 105788

Atlanta, GA 30348-5788

1-800-685-1111

www.equifax.com/personal/credit-report-services

 

In order to request a security freeze, individuals will need to provide the following information:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
  7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

As an alternative to a security freeze, individuals have the right to place an initial or extended “fraud alert” on their file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If an individual is a victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should individuals wish to place a fraud alert, please contact any one of the agencies listed below:

Experian

P.O. Box 9554

Allen, TX 75013

1-888-397-3742

www.experian.com/fraud/center.html

TransUnion

P.O. Box 2000

Chester, PA 19016

1-800-680-7289

www.transunion.com/fraud-victim-resource/place-fraud-alert

Equifax

P.O. Box 105069

Atlanta, GA 30348

1-888-766-0008

www.equifax.com/personal/credit-report-services

Individuals can further educate themselves regarding identity theft, fraud alerts, security freezes, and the steps they can take to protect themselves by contacting the consumer reporting agencies, the Federal Trade Commission, or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.  Individuals can obtain further information on how to file such a complaint by way of the contact information listed above. Individuals have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, individuals will likely need to provide some proof that they have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and individuals’ state Attorney General. This notice has not been delayed by law enforcement.  

Cision View original content:http://www.prnewswire.com/news-releases/san-dieguito-union-high-school-district—notice-of-data-breach-301059894.html

SOURCE San Dieguito Union High School District

Print Friendly, PDF & Email