Mount Diablo Unified School District

The Mount Diablo Unified School District in California suffered a data breach on September 14, 2020, due to a coding error in the SchoolMessenger application, which inadvertently exposed the contact information of parents and students. The breach was discovered and reported to the California Office of the Attorney General on October 20, 2020, though the exact number of affected individuals remains undisclosed.The incident involved the unauthorized disclosure of personal data, including names, email addresses, phone numbers, or other contact details tied to the school’s communication system. While no financial, medical, or highly sensitive information (e.g., Social Security numbers) was compromised, the exposure of such data poses risks of phishing, spam, or targeted scams against the affected families. The breach highlights vulnerabilities in third-party educational software and the potential consequences of misconfigured or poorly secured applications in handling student and parent data.The district did not specify whether the exposed data was accessed by malicious actors, but the incident underscores the need for strengthened data protection measures in educational institutions, particularly when relying on external platforms for critical communications.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-195323

TPRM report: https://www.rankiteo.com/company/mdusd

"id": "mdu002091825",
"linkid": "mdusd",
"type": "Breach",
"date": "9/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Education (K-12)',
                        'location': 'California, USA',
                        'name': 'Mount Diablo Unified School District',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Coding Error (Application Vulnerability)',
 'data_breach': {'personally_identifiable_information': ['Contact Information'],
                 'sensitivity_of_data': 'Moderate (Contact Information)',
                 'type_of_data_compromised': ['Contact Information']},
 'date_detected': '2020-09-14',
 'date_publicly_disclosed': '2020-10-20',
 'description': 'The California Office of the Attorney General reported that '
                'the Mount Diablo Unified School District experienced a data '
                'breach on September 14, 2020, affecting parents and students '
                'by inadvertently disclosing contact information through a '
                'coding error in the SchoolMessenger application.',
 'impact': {'data_compromised': ['Contact Information'],
            'systems_affected': ['SchoolMessenger application']},
 'post_incident_analysis': {'root_causes': ['Coding error in SchoolMessenger '
                                            'application']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Mount Diablo Unified School District Data Breach via '
          'SchoolMessenger Application',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Unspecified coding error in SchoolMessenger '
                            'application'}