Posted on December 28, 2018 at 8:09 AM
Yet another massive hacking incident got revealed recently, and it affected thousands of individuals. According to new reports, just before last week’s holiday break, the California-based San Diego Unified School District revealed information about its website being breached. The report claims that an unknown individual or group managed to steal private information belonging to 500,000 staffers and students over the course of the last 10 years.
The incident is similar to the recently discovered Marriott hotel breach, which was also a result of a year-long infiltration that affected 500,000 guests and hotel employees.
In both occasions, it is believed that hackers managed to infiltrate the system through phishing attacks. This includes sending seemingly official emails with the goal of trying to trick users into clicking on links contained within. The link would take the user to a fake webpage that usually resembles the one belonging to the service hackers are posing as. After attempting to log into the fake webpage, the hackers would gain their victim’s login credentials.
The hack was reported after receiving phishing emails
In the San Diego Unified School District’s case, similar emails were reported by staff members in October 2018. At first, school officials believed that hackers may have infiltrated school’s systems at some point in early 2018. However, after the district’s IT department examined the situation, they discovered that data theft goes as far back as 2008. Instead of cutting the hacker off, the school district contacted the police, and while the hacker unsuspectingly continued stealing data, the police and IT staff managed to identify them.
It is currently believed that the attacker managed to access the accounts of more than 50 districts’ employees. After the hack was interrupted, the IT department reset the accounts. Even so, around 10 years worth of data is already stolen.
The school district mentioned in their report that the compromised data includes student and staff information including identities, home addresses, email addresses, dates of birth, phone numbers, student enrolment info, schedules, incident reports, health reports, attendance reports, and more.
Furthermore, both the students and the staff have had their Social Security numbers and State Student ID Numbers compromised. Information about parents, guardians, or emergency contacts of affected individuals was stolen as well, but also staff payroll and compensation data, tax information, account numbers, and more.
Finally, the district also announced that the attacker also gained the ability to change data, in addition to simply accessing it. As a result, it is still unknown what data, if any, was changed, viewed, or copied.
What to do after losing information to hackers?
Considering the number of hacking attacks that have been reported this year, millions upon millions of people are believed to be affected. Numerous groups, companies, and organizations were either attacked suddenly or were discovered after years of silently exploiting the systems.
This is not only affecting user privacy, but it also places them in danger of having their funds or identity stolen. Those who were affected in some of the largest hacks were likely already notified about it. Even users who only suspect that they might be a victim of a similar attack should remain cautious, as this information can be sold on the dark web, and purchased by anyone.
This also includes scammers who might try to use the collected information to trick the victims of a hack into revealing even more data, and possibly access to their funds. All online accounts that affected users might have should be logged out of all devices, and have their passwords changed. Other than that, the best thing users can do is educate themselves about these threats in order to be able to recognize them early on and prevent data leakage.