An unknown ransomware actor has compromised the personally identifiable data of more than 50,000 Californian school administrators, their association told Maine’s Attorney General in a breach notice.
The Association of California School Administrators (ACSA), the largest association for school leaders in the United States, said it spotted the data breach in September 2023, when an unauthorized actor accessed and potentially exfiltrated sensitive data.
Association of California School Administrators Ransomware Attack Investigation
The association’s notice to the Maine Attorney General revealed that it had first detected “encryption activity” indicative of a ransomware attack in it’s computer environment on September 24, last year. No threat group has yet claimed responsibility for the attack.
This detection was followed by an investigation, aided by third-party cybersecurity experts who confirmed unauthorized access to various ACSA systems over two days after the initial access. The threat actor was found to have potentially accessed and stolen sensitive data from the compromised systems. The association also worked to validate the results of the investigation and locate missing address information.
After ACSA completed the process of validating and identifiying affected individuals on May 3, 2024, it then took up the task of notifying all potentially affected individuals on May 22.
ACSA informed the Maine Attorney General that approximately 54,600 individuals were impacted by the incident, including 14 Maine residents.
Individuals impacted by the breach were provided with specific details about the incident and the steps they could take to protect their personal information.
The compromised files were found to contain sensitive data such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, payment card information, medical information, health insurance details, tax IDs, student records (report cards and test scores), employer-assigned identification numbers, and online account credentials.
Recommendations and Additional Resources to Affected Individuals
In response to the breach, ACSA began notifying federal law enforcement, implemented additional security measures such as training of its employees, and provided relevant guidance to the affected individuals on protecting themselves from associated risks such as identity theft and fraud.
The association stated that there was no evidence of identity theft or fraud resulting from the event. However, as a precautionary measure, it is offering credit monitoring services for 12 months to the affected individuals at no cost.
These services include credit and CyberScan monitoring, a million-dollar insurance reimbursement policy, and fully managed identity theft recovery services. ACSA encouraged affected individuals to opt for enrolment into these services before the deadline set for August 22, 2024.
ACSA advises all affected individuals to monitor their accounts and credit reports for any unauthorized activity, stating that it took the privacy and security of sensitive information within its care seriously and regretted any inconvenience stemming from the incident to individuals.
The guidance also offered instructions on reporting suspicious activity to banks and credit card companies, placing fraud alerts and credit freezes on credit files, and obtaining free credit reports available under U.S. law.
ACSA is also encouraging individuals to contact the Federal Trade Commission, state attorneys general, and law enforcement to report any incidents of identity theft.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
