Morgan Hill Unified School District in California has disclosed a breach that occurred when an employee’s email account was accessed without authorization between September 11 and October 11, 2022. While the district’s investigation was able to confirm connections to the employee’s account during those dates, the investigation was not able to determine which specific emails or attachments were viewed or accessed by the unauthorized individual.
A copy of their notification to those affected, submitted to the California Attorney General’s Office on January 27, does not reveal exactly what data types were affected and whether it was employee data, student data, or both that may have been accessed without authorization. Nor does the notification explain whether this incident was a phishing incident or how the bad actor might have gotten access to the employee’s email account.
Those notified have been offered one-year membership in a credit monitoring program.
There does not seem to be any notice on the district’s website and the total number of those affected or notified was not disclosed in the notification letter. For the 2021-2022 school year, the k-12 district had more than 8,000 students enrolled and more than 320 full-time teachers.