Reggie Ellis reports:
Tulare County’s largest school district is notifying some of its 3,000 employees and 32,000 students that some of their personal information has been compromised.
On Dec. 30, Visalia Unified School District (VUSD) announced certain district-issued email accounts were illegally accessed during a data breach between Jan. 1 and June 3, 2021. VUSD said in a statement it identified the problem on June 6, 2021 and then conducted “a comprehensive review of the accounts, which was complete on or around December 3, 2021” to determine which email accounts were illegally accessed and what information was contained in those accounts. The result of the six-month investigation determined most of the information obtained was the name and medical information of the email account holder. In the case of 10 email accounts, information obtained also included the driver’s license number, financial account number, and health insurance information.
Read more at The Sun Gazette.
This may be the same incident that DataBreaches.net noted on May 19, 2021, even though VUSD now claims that they first discovered the incident on June 6. In May, VUSD described the incident as a ransomware incident, but now, it seems, they are publicly silent as to whether this was a ransomware incident or not. Nor are they saying whether data was actually exfiltrated. Their entire substitute notice can be found on their site, here.