The Brea-Olinda Unified School District (BOUSD) experienced a data breach on November 4, 2019, reported by the California Office of the Attorney General on June 8, 2020. Unauthorized actors gained access to the Aeries Student Information System, compromising sensitive data including parent and student login credentials, physical addresses, email addresses, and password hashes. While the breach exposed personally identifiable information (PII), there was no confirmed misuse of the stolen data at the time of reporting. The incident highlights vulnerabilities in educational institutions' cybersecurity measures, particularly in safeguarding student and parent data from external threats. The exposed password hashes, if cracked, could enable further unauthorized access, though no evidence of such exploitation was documented. The breach underscores the risks associated with inadequate protection of student information systems, which are prime targets for cybercriminals seeking to exploit personal and academic records.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190720
TPRM report: https://www.rankiteo.com/company/brea-olinda-unified-school-district
"id": "bre719090125",
"linkid": "brea-olinda-unified-school-district",
"type": "Breach",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Education (K-12)',
'location': 'Brea, California, USA',
'name': 'Brea-Olinda Unified School District (BOUSD)',
'type': 'Educational Institution'}],
'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
'confirmed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, credentials)',
'type_of_data_compromised': ['login credentials',
'personal identifiable '
'information (PII)',
'password hashes']},
'date_detected': '2019-11-04',
'date_publicly_disclosed': '2020-06-08',
'description': 'The California Office of the Attorney General reported a data '
'breach involving the Brea-Olinda Unified School District '
'(BOUSD) on June 8, 2020. The breach occurred on November 4, '
'2019, and involved unauthorized access to the Aeries Student '
'Information System, potentially exposing parent and student '
'login information, physical addresses, email addresses, and '
'password hashes, though no evidence suggests misuse of '
'specific data.',
'impact': {'data_compromised': ['parent and student login information',
'physical addresses',
'email addresses',
'password hashes'],
'identity_theft_risk': 'Potential (no evidence of misuse)',
'systems_affected': ['Aeries Student Information System']},
'initial_access_broker': {'high_value_targets': ['Aeries Student Information '
'System']},
'investigation_status': 'Disclosed; no evidence of data misuse reported',
'references': [{'date_accessed': '2020-06-08',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Brea-Olinda Unified School District (BOUSD) Data Breach',
'type': 'Data Breach'}