Posted on

San Diego School District Data Breach Hits 500k Students

A phishing attack led to the data breach of students’ social security numbers, addresses, and more.

A phishing attack against California’s San Diego Unified School District has led to hackers scooping up Social Security numbers and addresses of more than 500,000 students and staff.

Hackers Data Breach Equifax For 76 Days Before Being Discovered

The district became aware of the breach Oct. 2018. The actual breach occurred between January 2001 and November 2018, a spokesperson said. The district reported that it was first alerted to “multiple reports of phishing emails,” which were used to gather log-in information of staff members throughout the district.

Hackers then used that log-in data to access the social security numbers and first and last names of student and staff, as well as their date of birth, mailing address, home address and phone number.

The 21 biggest data breaches of 2018

“The data file contained information on students dating back to the 2008-09 school year, or more than 500,000 individuals,” according to a notification on the San Diego Unified School District’s website on Friday. “For that reason, all of those individuals have been notified of the incident. Additionally, some 50 district employees had their log-in credentials compromised as part of the phishing operation. All students and staff who had their information accessed have been alerted by district staff.”

The San Diego Unified School District serves more than 121,000 students and is the second largest school district in California.

Other accessed information included:

-Student enrollment information like schedule, discipline incident information, health information, attendance records, transfer information, legal notices on file, and attendance data

-Student and selected staff State Student ID Number

-Student and staff parent, guardian and emergency contact personal identifying information (including first and last name, phone numbers, address, email address, employer information)

-Selected staff benefits information

-Selected staff payroll and compensation information (including viewable paychecks and pay advices, deduction information, tax information, direct deposit financial institution name, routing number and account number, salary and leave information)

The district said that police have identified “a subject of the investigation” and blocked all stolen credentials; however, they could not comment more due to the ongoing nature of the investigation. Meanwhile, staff members whose accounts were compromised had the security on their accounts reset.

The San Diego Unified School District did not immediately respond to a request for comment from Threatpost.

Earlier this month, hackers launched a phishing attack against the Cape Cod Community College, and made away with at least $800,000 from the school’s bank accounts, according to The Boston Globe.

Phishing has continued to be an easy – but effective – tactic for hackers to access credentials and use them to log in to systems. In fact, the technique has increased in popularity during the holiday season, according to researchers at Proofpoint.

The best way to counter this technique, according to Tim Erlin, vice president of product management and strategy at Tripwire, is to have complete and comprehensive logs from all systems.

Facebook exposed up to 6.8 million users’ private photos to developers in latest data leak

“Phishing remains a major avenue for initial compromise,” he said in an email. “When planning security controls, it’s important to consider not only what an attacker might do, but also what an attacker with authorized access might do.”

Source: Threatpost – Lindsey O’Donnell

Posted on

Facebook exposed up to 6.8 million users’ private photos to developers in latest data leak

Facebook exposed private photos from up to 6.8 million users to apps that weren’t supposed to see them, the company said today. These apps were authorized to see a limited set of users’ photos, but a bug allowed them to see pictures they weren’t granted access to. These included photos from people’s stories as well as photos that people uploaded but never posted (because Facebook saved a copy anyway).

“Darktrace’s machine learning approach means that our days of battling cyber-threats at the border are over,” commented Paul Martinello, Vice President of Information Technology, Energy+. “Before deploying Darktrace, we had no way of detecting emerging threats, and we had a reactive approach to cyber defense. The Enterprise Immune System protects our network from the inside out, allowing us to catch even the subtlest and most advanced forms of threat at their earliest stages.”

Darktrace Enterprise Network Process Cyber-Security Immune System

The exposure occurred between September 12th and September 25th. Facebook toldTechCrunch that it discovered the breach on the 25th; it isn’t clear why the company waited until now to disclose it. (Perhaps it’s because the company was dealing with a separate and substantially larger breach that it also discovered on September 25th.)

Affected users will receive a notificationalerting them that their photos may have been exposed. Facebook also says it’ll be working with developers to delete copies of photos they weren’t supposed to access. In total, up to 1,500 apps from 876 different developers may have inappropriately accessed people’s pictures.

Image: Facebook

Facebook said the bug had to do with an error related to Facebook Login and its photos API, which allows developers to access Facebook photos within their own apps. All of the impacted users had logged into a third-party app using their Facebook accounts and granted them some degree of access to view their photos.

“We’re sorry this happened,” writes Tomer Bar, engineering director at Facebook. The disclosure comes exactly one day after Facebook opened a pop-up installation in New York to show people how “you can manage your privacy” on the site.

Facebook has been in hot water again and again this year over data breaches and exposures, most notably with Cambridge Analytica. In many cases, the problems haven’t been caused by hackers, but they have stemmed from issues within Facebook itself. The Cambridge Analytica breach happened because of Facebook’s lax oversight of developers and data sharing; today’s issue happened because of another breakdown in communication between Facebook and developers.

Google has already pledged to shut down Google+ over similar issues. Twice this year, the service exposed information inappropriately to developers.

Source:  The Verge Jacob Kastrenakes on 


Customers who viewed this item also viewed

Hackers Data Breach Equifax For 76 Days Before Being Discovered

Marriott faces backlash over data breach impacting 500 million guests

Solutions

Meet Penny, an AI tool that can predict wealth from space

Windows 10’s Built-in Antivirus Is Getting A Massive Upgrade

Quora Website Data Breach Hits 100 Million Users

The 21 biggest data breaches of 2018

5 Key Benefits of Computer-Integrated Manufacturing

What We Do

Executive Team

Posted on

Solutions

Growing Successful Businesses need robust and reliable Business Development and Continual Services Improvement

Growing successful businesses need productivity and cyber-security systems support that assures uninterrupted production and liberates time for business owners to focus on business development, business goals and objectives.

Productivity and Cyber-security products, services support and solutions that save time and money, reduce business owner’s stress, assure readiness for the biggest challenges, reduce cost and enhances to business process for management and executives to direct and be involved at business owner’s Board level, real-time.

 

Featured Specialties

Services

 

 

 

Specialties

#s911productsuite