DataBreaches.Net

Oops, did we miss these education sector breaches for k-12?

Posted on by Dissent

Came across these today while researching something else, so I thought I would just list them here for those who track k-12 breaches.

Coffeyville School District in Kansas had a data security incident in July of 2020 that they detected in August of 2020. Their notification letter of February 2021 indicates that names and SSN were involved:  https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2021/ITU-345458.pdf

Perth Amboy School District in New Jersey reported that a number of employees had fallen for a phishing attack that gave bad actors access to their email accounts with one or more of the following: SSN, driver’s license info, and/or health insurance information. The access occurred between April 15, 2020, and June 17, 2020. Notification letters were sent on or about January 5, 2021: https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2021/itu-334698.pdf

Puget Sound Educational Service District is a regional entity serving public school districts as well as state-approved charter and private schools in Washington State. On July 25, they discovered unusual activity on their network that traced back to email accounts compromised on April 5 and thereafter. Information attached to those accounts included name, address, and health information. Notification letters were sent on January 26, 2021:
https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2021/ITU-345385.pdf

Mascoutah School District 19 in Illinois reported that on October 8, 2020, it became aware of a malware incident. Investigation revealed it began with a phishing attack and compromised names and Social Security numbers of an unspecified number of individuals. On January 8, they issued a notification letter:
https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2021/ITU-345271.pdf

Haywood County Schools in North Carolina reported an incident that occurred in August, 2020. On January 5, they issued a notification letter that indicated that the following data types were involved: name, address, date of birth, Social Security number, and student identification number. Notification: https://www.marylandattorneygeneral.gov/ID%20Theft%20Breach%20Notices/2021/ITU-345248%20(1).pdf