The Dallas Independent School District (Dallas ISD) stated an unauthorized third party accessed their network, compromising sensitive personal data belonging to students and staff as far back as 2010. Dallas ISD confirmed that threat actors removed the data but informed the school it was not disseminated or sold to anyone. A member of Dallas ISD said more forensic analysis is needed in order to determine the full extent of the damage and compromised data. Dallas ISD operates 230 schools in North Central Texas that collectively teach 153,861 students. Stolen data belonging to employees or contractors included first and last names, addresses, phone numbers, Social Security numbers, dates of birth, dates of employment, salary information, and reasons for ending employment. Data pertaining to students comprised first and last names, Social Security numbers, dates of birth, parent or guardian contact information, and grades.
Analyst Notes
Dallas ISD has already started notifying affected individuals. The district is offering 12 months of credit monitoring and ID theft recovery services. Additionally, they have started a hotline to field questions from potentially affected individuals. Anyone who may have been a victim of a data breach should get confirmation from the district to find out exactly what information was stolen. Change and strengthen any online logins and implement multi-factor authentication. Financial and credit accounts should be monitored closely, and individuals should place a credit freeze on file with credit bureaus. Notifying banks or other financial institutions is helpful to prevent fraud when identity theft is suspected.
https://portswigger.net/daily-swig/dallas-independent-school-district-reports-data-breach-impacting-current-and-former-students-staff
