CA: San Juan Unified School District notifies parents of information security breach
Sharokina Shams reports:
Officials at a Sacramento school district are notifying parents that records containing personal identifying information were found at the Southern California home of a wire fraud suspect.
The San Juan Unified School District posted the information on its website Friday, one day after KCRA 3 informed the district that an FBI investigation had uncovered the materials at an address in Studio City.
How the records wound up there is still a mystery.
KCRA 3 uncovered the information in a criminal complaint filed by the FBI in federal court this week.
Read more on KCRA 3.
So the FBI uncovered evidence of a breach but didn’t notify the school district, who only found out from a diligent reporter? How many times have we seen this failure of the government to notify victims of a breach? When are we going to address this gap and assign responsibility to law enforcement to let victims know if their information is discovered in the course of a criminal investigation?
The district’s statement on their web site:
Important information about breach of District documents
According to a criminal complaint obtained by local media outlet KCRA 3, more than 50 “academic records” from San Juan Unified including personally identifiable information were found March 5 in a Southern California home. FBI agents recovered the documents when they served a search warrant in connection with a credit card fraud investigation. It’s unclear whether the documents in question relate to student, parent, employee or vendor personal information.
The matter was first brought to the attention of the District on March 6 when contacted by KCRA 3. In response the District is:
- Reaching out to the FBI and requesting additional information to identify the specific documents in question so the District can notify those impacted and determine how the documents might have made their way to the Southern California home;
- Reviewing the criminal report provided by KCRA 3 and checking all names, addresses and phone numbers for connections with students, parents, employees, or vendors;
- Notifying our community of the reported breach via messages on our Web site, employee intranet and upcoming e-newsletters.
- Committing to keeping our community informed of any developments and notifying those whose information may have been contained in the documents as that information is known.
“This report is very troubling and we are working to obtain additional information so that we can determine the details and scope of this breach,” said Interim Superintendent Kent Kern. “In recent years, we have worked hard to reduce the amount of personal information kept on file, such as social security numbers. We will continue that those efforts and work to ensure we are doing everything possible to prevent this type of incident from happening again.”
Identity theft and financial fraud continue to be a growing criminal problem. In 2012, an estimated 16.6 million people, or 7 percent of those over age 16 in the U.S., experienced identity theft or fraud according to U.S. Department of Justice statistics. Visit the California Attorney General’s Top 10 Tips for Identity Theft Protection or any of the resources linked below to see how you can protect yourself. If you find any evidence that you have been the victim of identity theft it is vital to notify your local police immediately.
Updates to this situation will be posted as they become available at http://www.sanjuan.edu/identitytheft. You may also call the Community Relations Office at (916) 979-8281 for updates or with questions.
FTC Consumer Website – http://www.consumer.ftc.gov/features/feature-0014-identity-theft
FDIC – http://www.fdic.gov/consumers/theft/National Crime Prevention Council – http://www.ncpc.org/topics/fraud-and-identity-theft/tips-to-prevent-identity-theft
California Office of the Attorney General – https://oag.ca.gov/idtheft
This is not the first breach involving this school district. In May 2011, thousands of employees discovered their information had been exposed online by an an employee who accidentally updated the data to her church’s website.