The Evergreen Union School District experienced a data breach on November 15, 2019, which was publicly reported by the California Office of the Attorney General on July 17, 2020. Unauthorized actors gained access to the Aeries Student Information System, exposing sensitive personal data of parents and students. The compromised information included names, home addresses, phone numbers, email addresses, and hashed passwords. While the breach did not involve financial records or highly sensitive identifiers like Social Security numbers, the exposure of personal details—particularly addresses and contact information—posed risks of identity theft, phishing attacks, and targeted scams against affected families. The incident highlighted vulnerabilities in the district’s cybersecurity measures, particularly in safeguarding student and parent data within third-party educational platforms. The delayed disclosure (over eight months after the breach) further raised concerns about transparency and incident response protocols. Although no evidence suggested the data was misused, the breach underscored the potential for reputational damage and eroded trust among parents, students, and the broader community. Schools, as custodians of minors' data, face heightened scrutiny when such incidents occur, emphasizing the need for robust data protection strategies in educational institutions.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-192107
TPRM report: https://www.rankiteo.com/company/evergreen-elementary-school-district
"id": "eve035091825",
"linkid": "evergreen-elementary-school-district",
"type": "Breach",
"date": "11/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Education (K-12)',
'location': 'California, USA',
'name': 'Evergreen Union School District',
'type': 'Educational Institution'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'data_encryption': 'Partially (hashed passwords)',
'data_exfiltration': 'Yes (implied by exposure)',
'personally_identifiable_information': ['names',
'home addresses',
'phone numbers',
'email addresses'],
'sensitivity_of_data': 'High (PII and hashed passwords)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Authentication Data']},
'date_publicly_disclosed': '2020-07-17',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Evergreen Union School District on July 17, '
'2020. The breach occurred on November 15, 2019, when '
'unauthorized access to the Aeries Student Information System '
'exposed parent and student names, home addresses, phone '
'numbers, email addresses, and hashed passwords.',
'impact': {'data_compromised': ['parent and student names',
'home addresses',
'phone numbers',
'email addresses',
'hashed passwords'],
'identity_theft_risk': 'Potential (due to PII exposure)',
'systems_affected': ['Aeries Student Information System']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'CCPA)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Evergreen Union School District Data Breach',
'type': 'Data Breach'}