The California Office of the Attorney General disclosed a security incident involving the Mt. Diablo Unified School District on December 1, 2012, when a password-protected but unencrypted computer was stolen during a burglary. The device contained personal information of current and former employees, including highly sensitive data such as names, dates of birth, home addresses, and Social Security numbers (SSNs). While the computer was password-protected, the lack of encryption left the data vulnerable to unauthorized access if the password was bypassed. The incident was formally reported on December 12, 2012, highlighting a significant risk of identity theft, financial fraud, or misuse of the exposed employee records. The breach underscored the district’s failure to implement adequate safeguards (e.g., encryption) for storing sensitive personnel data, potentially exposing affected individuals to long-term harm.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-37238
TPRM report: https://www.rankiteo.com/company/mdusd
"id": "mdu012091825",
"linkid": "mdusd",
"type": "Breach",
"date": "12/2012",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Education (K-12)',
'location': 'California, USA',
'name': 'Mt. Diablo Unified School District',
'type': 'Educational Institution'}],
'attack_vector': 'Physical Theft (Burglary)',
'data_breach': {'data_encryption': 'No (device was unencrypted)',
'data_exfiltration': 'Yes (via physical theft)',
'personally_identifiable_information': ['names',
'dates of birth',
'addresses',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2012-12-01',
'date_publicly_disclosed': '2012-12-12',
'description': 'The California Office of the Attorney General reported that '
'the Mt. Diablo Unified School District experienced a burglary '
'on December 1, 2012, which resulted in the theft of a '
'password-protected, unencrypted computer containing personal '
'information of employees and former employees, including '
'names, dates of birth, addresses, and Social Security '
'numbers.',
'impact': {'data_compromised': ['names',
'dates of birth',
'addresses',
'Social Security numbers'],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['1 password-protected, unencrypted computer']},
'post_incident_analysis': {'root_causes': ['Physical security failure',
'Lack of encryption for sensitive '
'data']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General '
'(as required by state '
'law)'},
'response': {'law_enforcement_notified': 'Yes (reported to California Office '
'of the Attorney General)'},
'title': 'Mt. Diablo Unified School District Data Theft (2012)',
'type': 'Data Breach (Physical Theft)',
'vulnerability_exploited': 'Unencrypted device with sensitive data (despite '
'password protection)'}