Between Feb. 11 and 12, an unauthorized person gained access to the district's computer network and took files that contained the personal information of an unknown number of people, including employees' dependents.
The district,which serves about 36,000 middle and high school students, initially would not say whether there had been a cybersecurity attack. When it did days after the breach, district officials said that only staff information had been affected and that student data was safe.
District officials did not respond to requests for comment. The district has not said how many people were potentially affected by the incident.
Employees and parents began receiving letters last week from the district informing them about the breach.
"We received the files that may have been taken and on May 12, 2023, unfortunately, we determined your personal information was included in the potentially taken files," read the June 21 district letter to teacher Katina Gonzalez-Rondeau. "Our review of those files found that they included your name and Social Security number."
Many took to social media to share their concerns and see who else in their community had been affected.
"My husband got one, too," said Kylie Kirkbride Kavanagh. "I'm worried about my kids information because if they snagged his information there's a good chance our kids were involved."
In a June 23 statement, the district said it has implemented safeguard and technical security measures "(t)o prevent something like this from happening again." It is unclear whether the district had any cybersecurity measures in place prior to the data breach and if it paid a ransom.
In March, the district hired three agencies, Baker & Hostetler LLP, Kroll and Cypfer, Inc., to investigate the incident and provide security advice for an amount not to exceed $75,000. Total costs are unknown, however, as the public contracts have redacted information about some service fees.
In April, the district also entered into an agreement with Logicalis for its duo multi-factor authentication software so that employees could prevent unauthorized access to district systems. According to the contract, the term of the software is for one year at a cost of $58,708.
The district said it is offering a one-year credit monitoring and identity theft protection service via a third party to those affected.
©2023 The San Diego Union-Tribune. Distributed by Tribune Content Agency, LLC.