The California Office of the Attorney General disclosed a data breach affecting **KIPP SoCal Public Schools**, occurring between **October 3, 2019, and June 2, 2020**. The incident stemmed from **unauthorized access to a publicly accessible GitHub repository**, which exposed sensitive student information. Compromised data included **names, addresses, birth dates, race/ethnicity, primary language, and primary disability status**. The exact number of impacted individuals remains undetermined, but the breach posed significant privacy risks, particularly for minors and vulnerable groups. The exposure of such personal details increases the likelihood of **identity theft, targeted phishing, or discriminatory profiling**, given the sensitivity of the leaked attributes. The breach highlights critical lapses in **data access controls and third-party platform security**, as the information was inadvertently made public on a widely used code-hosting service. While no ransomware or direct financial fraud was reported, the long-term reputational and trust-related consequences for the educational institution could be severe, especially given its responsibility for safeguarding student data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190871
TPRM report: https://www.rankiteo.com/company/kippsocal
"id": "kip624090125",
"linkid": "kippsocal",
"type": "Breach",
"date": "10/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (Students)',
'industry': 'Education (K-12 Public Charter Schools)',
'location': 'Southern California, USA',
'name': 'KIPP SoCal Public Schools',
'type': 'Non-Profit Educational Organization'}],
'attack_vector': 'Unauthorized Access (Publicly Accessible GitHub Repository)',
'data_breach': {'data_exfiltration': 'Yes (Unauthorized Access)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Addresses',
'Birth Dates',
'Race/Ethnicity',
'Primary Language',
'Disability Status'],
'sensitivity_of_data': 'High (Includes PII of Minors)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Student Records']},
'date_detected': '2020-06-02',
'date_publicly_disclosed': '2020-06-12',
'description': 'The California Office of the Attorney General reported a data '
'breach involving KIPP SoCal Public Schools on June 12, 2020. '
'The breach occurred between October 3, 2019, and June 2, '
'2020, due to unauthorized access to student information on a '
'publicly accessible GitHub page, potentially affecting '
'student names, addresses, birth dates, race/ethnicity, '
'primary language, and primary disability.',
'impact': {'brand_reputation_impact': 'Potential Reputation Damage (Education '
'Sector)',
'data_compromised': ['Student Names',
'Addresses',
'Birth Dates',
'Race/Ethnicity',
'Primary Language',
'Primary Disability'],
'identity_theft_risk': 'High (PII Exposed)',
'systems_affected': ['GitHub Repository']},
'investigation_status': 'Disclosed; Number of Affected Individuals Unknown',
'post_incident_analysis': {'root_causes': 'Improper Access Controls on Public '
'GitHub Repository'},
'references': [{'date_accessed': '2020-06-12',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential FERPA (Family '
'Educational Rights and '
'Privacy Act) Violation',
'California Consumer '
'Privacy Act (CCPA) - If '
'Applicable'],
'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public Disclosure via California AG '
'Office'},
'title': 'Data Breach at KIPP SoCal Public Schools via Unauthorized GitHub '
'Access',
'type': 'Data Breach',
'vulnerability_exploited': 'Improper Access Control (Publicly Exposed '
'Sensitive Data)'}