The Central School District experienced a data breach on November 4, 2019, where unauthorized access was gained to sensitive student and parent information. The incident was detected by Aeries, a third-party system, and did not involve the District’s own infrastructure. Compromised data included names, addresses, phone numbers, email addresses, and hashed passwords of parents and students. While no financial or highly sensitive records (e.g., Social Security numbers) were exposed, the breach posed risks such as identity theft, phishing attacks, and reputational harm due to the exposure of personal details. The breach was formally reported to the California Office of the Attorney General on May 29, 2020, nearly seven months after the initial incident. The delay in disclosure and the nature of the exposed data though not catastrophic highlighted vulnerabilities in third-party vendor security and the potential for downstream exploitation of personal information.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190499
TPRM report: https://www.rankiteo.com/company/ccsd
"id": "ccs327091725",
"linkid": "ccsd",
"type": "Breach",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Students and parents (number '
'unspecified)',
'industry': 'Education (K-12)',
'location': 'California, USA',
'name': 'Central School District',
'type': 'Educational Institution'}],
'data_breach': {'data_encryption': 'Partially (hashed passwords)',
'data_exfiltration': 'Potential (unauthorized access '
'confirmed)',
'personally_identifiable_information': ['names',
'addresses',
'phone numbers',
'email addresses'],
'sensitivity_of_data': 'Moderate to High (PII + credentials)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Authentication Data (hashed '
'passwords)']},
'date_detected': '2019-11-04',
'date_publicly_disclosed': '2020-05-29',
'description': 'The California Office of the Attorney General reported that '
'Central School District experienced a data breach on November '
'4, 2019, involving unauthorized access to student and parent '
'information. The breach, discovered by Aeries, did not '
'involve District systems, and the information potentially '
'accessed included names, addresses, phone numbers, email '
'addresses, and hashed passwords of parents and students.',
'impact': {'data_compromised': ['names',
'addresses',
'phone numbers',
'email addresses',
'hashed passwords'],
'identity_theft_risk': 'Potential (due to PII exposure)'},
'investigation_status': 'Disclosed (2020-05-29)',
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'third_party_assistance': 'Aeries (discovery)'},
'title': 'Central School District Data Breach (2019)',
'type': 'Data Breach'}