Mt. Diablo Unified School District

On April 27, 2017, the Mt. Diablo Unified School District experienced a data breach due to a software malfunction, as reported by the California Office of the Attorney General on May 19, 2017. The incident allowed approximately 600 families to inadvertently access another student’s personal information for one hour. While the exposure was temporary, it involved unauthorized access to sensitive student data, raising concerns about privacy violations and potential misuse of personal details. The breach did not involve ransomware, cyberattacks, or external hackers but was a result of an internal system vulnerability that led to unintended data exposure. No evidence suggested that the accessed data was copied, stolen, or exploited further, but the incident highlighted weaknesses in data protection protocols within the district’s digital infrastructure. The affected information likely included student records, though the exact nature of the exposed data (e.g., names, addresses, academic details) was not explicitly disclosed. The district took corrective measures, but the breach underscored the need for strengthened access controls and real-time monitoring to prevent similar occurrences in educational institutions handling sensitive student information.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-68975

TPRM report: https://www.rankiteo.com/company/mdusd

"id": "mdu953091725",
"linkid": "mdusd",
"type": "Breach",
"date": "4/2017",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '600 families',
                        'industry': 'Education (K-12)',
                        'location': 'California, USA',
                        'name': 'Mt. Diablo Unified School District',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Software Malfunction',
 'data_breach': {'data_exfiltration': 'No (Inadvertent Access Only)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'Moderate (Student Records)',
                 'type_of_data_compromised': 'Personal Information (Students)'},
 'date_detected': '2017-04-27',
 'date_publicly_disclosed': '2017-05-19',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Mt. Diablo Unified School District on May '
                '19, 2017. The breach occurred on April 27, 2017, when '
                'approximately 600 families were able to inadvertently access '
                "another student's personal information for one hour due to a "
                'software malfunction.',
 'impact': {'brand_reputation_impact': 'Potential (Minor)',
            'data_compromised': 'Student Personal Information',
            'downtime': '1 hour',
            'identity_theft_risk': 'Low (Limited Exposure)'},
 'investigation_status': 'Reported (No Further Details)',
 'motivation': 'Accidental (No Malicious Intent)',
 'post_incident_analysis': {'root_causes': 'Software Malfunction (Unauthorized '
                                           'Data Access Control Failure)'},
 'references': [{'date_accessed': '2017-05-19',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'communication_strategy': 'Public Disclosure via California AG '
                                        'Office'},
 'title': 'Mt. Diablo Unified School District Data Breach (2017)',
 'type': 'Data Breach (Unauthorized Access)'}