On August 8, 2018, Mt. Diablo Unified School District suffered a data breach caused by a clerical error during email distribution. The incident exposed personal information of students from roughly 200 families, including names, addresses, phone numbers, permanent student identification numbers, grade levels, and HomeLink verification codes. While no financial or Social Security data was compromised, the breach still posed risks such as potential identity misuse, targeted phishing, or unauthorized access to student records. The exposed HomeLink verification codes could allow unauthorized individuals to access school-related accounts or services tied to those students. The breach was reported by the California Office of the Attorney General, highlighting administrative vulnerabilities in handling sensitive student data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-139646
TPRM report: https://www.rankiteo.com/company/mdusd
"id": "mdu151082025",
"linkid": "mdusd",
"type": "Breach",
"date": "8/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Approximately 200 families',
'industry': 'Education (K-12)',
'location': 'California, USA',
'name': 'Mt. Diablo Unified School District',
'type': 'Educational Institution'}],
'attack_vector': 'Clerical Error (Email Distribution)',
'data_breach': {'data_exfiltration': 'Yes (via unintended email distribution)',
'number_of_records_exposed': 'Approximately 200 families',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Moderate (no financial or SSN data, '
'but includes student IDs and contact '
'details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Educational Records']},
'date_detected': '2018-08-08',
'description': 'The California Office of the Attorney General reported that '
'Mt. Diablo Unified School District experienced a data breach '
'on August 8, 2018, affecting personal information of students '
'from approximately 200 families due to a clerical error in '
'email distribution. The information compromised included '
"students' names, addresses, phone numbers, permanent student "
'identification numbers, grade levels, and HomeLink '
'verification codes, but not financial or social security '
'information.',
'impact': {'data_compromised': ["Students' names",
'Addresses',
'Phone numbers',
'Permanent student identification numbers',
'Grade levels',
'HomeLink verification codes'],
'identity_theft_risk': 'Low (no financial or SSN data exposed)'},
'post_incident_analysis': {'root_causes': 'Clerical error in email '
'distribution (human error)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data '
'protection laws (e.g., '
'California Civil Code § '
'1798.82)'],
'regulatory_notifications': ['Reported to the '
'California Office of '
'the Attorney '
'General']},
'title': 'Mt. Diablo Unified School District Data Breach (2018)',
'type': 'Data Breach'}