On June 17, 2020, the California Office of the Attorney General disclosed a data breach affecting the Aeries® Student Information System, which occurred on November 4, 2019. The incident exposed sensitive personal information of 1,000 individuals, including parent and student login credentials, physical residence addresses, email addresses, and password hashes. While the breach did not involve financial data or highly classified records, the exposure of login details and residential addresses poses risks of identity theft, phishing attacks, and unauthorized account access.The compromised data, though not directly financial, could enable malicious actors to target individuals through credential stuffing or social engineering, potentially leading to further unauthorized access to linked accounts. The breach underscores vulnerabilities in educational data systems, where student and parent information is often stored with inadequate safeguards. Following the incident, the organization implemented additional security measures, though the exact nature of these improvements was not detailed. The breach highlights the broader challenge of securing student information systems, which are frequent targets due to the volume of personal data they manage.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-191009
TPRM report: https://www.rankiteo.com/company/el-dorado-county-office-of-education
"id": "el-358082025",
"linkid": "el-dorado-county-office-of-education",
"type": "Breach",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,000 individuals',
'industry': 'Education',
'location': 'California, USA',
'name': 'Aeries® Student Information System',
'type': 'Education Technology Provider'}],
'data_breach': {'data_exfiltration': 'Potential (not explicitly confirmed)',
'number_of_records_exposed': '1,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII and credentials)',
'type_of_data_compromised': ['Login credentials',
'PII (physical addresses, email '
'addresses)',
'password hashes']},
'date_publicly_disclosed': '2020-06-17',
'description': 'The California Office of the Attorney General reported a data '
'breach involving the Aeries® Student Information System. The '
'breach occurred on November 4, 2019, potentially exposing '
'Parent and Student Login information, physical residence '
'addresses, email addresses, and password hashes. A total of '
'1,000 individuals were affected, and additional security '
'measures have been implemented.',
'impact': {'data_compromised': ['Parent and Student Login information',
'physical residence addresses',
'email addresses',
'password hashes'],
'identity_theft_risk': 'Potential (due to exposed PII)',
'systems_affected': ['Aeries® Student Information System']},
'post_incident_analysis': {'corrective_actions': 'Additional security '
'measures implemented'},
'references': [{'date_accessed': '2020-06-17',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'remediation_measures': 'Additional security measures '
'implemented'},
'title': 'Data Breach in Aeries® Student Information System',
'type': 'Data Breach'}