As an unusual school year winds down, many parents and students have a new lesson to learn: what to do after the Aeries data breach impacted school districts throughout California. Aeries Software, a student data management system software used by over 600 K-12 public school districts, suffered a data breach after an unidentified and unauthorized person accessed an unknown amount of parent and student data.

According to the Notice of Data Breach that was sent to those affected by the data breach, Aeries became aware of unauthorized attempts to access information through the Aeries SIS. Security patches were deployed in December 2019. However, in January 2020, the software developer was notified that the database was previously accessed. In March 2020, it was determined that student and parent information had been accessed, including login information, physical addresses, emails and password hashes.

While it is unknown how many of the 600+ school districts have been affected, some of the districts that have submitted notification letters to the California Attorney General’s Office include Inglewood Unified School District, Lassen Union High School District, Kingsburg Elementary Charter School District, Laguna Beach Unified School District, Central School District, Rocklin Unified School District, Yucaipa-Calimesa Joint Unified School District, San Bernardino City Unified School District, Los Alamitos Unified School District, Monrovia Unified School District and Santa Barbara Unified School District.

Despite access to a limited dataset, if hackers manage to infiltrate any of the email accounts, they could potentially target other types of accounts like financial accounts, social media accounts and retail accounts that are linked to the email address. With email account information, hackers could also target victims with spam emails, phishing attempts and harmful software viruses.

While child identity theft most commonly occurs due to stolen Social Security numbers, which are believed to have not been exposed in the Aeries data breach, it is still important for parents and students to reset their passwords as soon as possible – as well as any other places that they may have used that same password. Parents and students are encouraged to make a change from passwords to passphrases that are nine to ten characters long. Passphrases are easier to remember and harder for hackers to break.

 

As of July 16, 2020, school districts impacted include: Inglewood Unified School District, Lassen Union High School District, Kingsburg Elementary Charter School District, Laguna Beach Unified School District, Central School District, Rocklin Unified School District, Yucaipa-Calimesa Joint Unified School District, San Bernardino City Unified School District, Los Alamitos Unified School District, La Habra City School District, Saddleback Valley Unified School District, El Dorado County Office of Education, Chino Valley Unified School District, Evergreen Union School District, Apple Valley Unified School District, San Leandro Unified School District, Yuba City Unified School District, Travis Unified School District, Washington Unified School District, Corning Union High School District, Lowell Joint School District, Tulare Joint Union High School District, Monrovia Unified School District, Santa Barbara Unified School District, Mt. Diablo Unified School District, Brea-Olinda Unified School District, Fairfield-Suisun Unified School District, ABC Unified School District, Beverly Hills Unified School District, Red Bluff Joint Union High School District, Adelanto Elementary School District, Riverdale Joint Unified School District and Santa Clara Unified School District.

If someone affected by the Aeries data breach believes their personal information is being misused, they are encouraged to file an ID Theft Report with the Federal Trade Commission and to contact all three credit reporting agencies to request free credit reports and to place a credit freeze. Affected minors will need a parent or guardian to request a credit report and freeze their credit.

Victims of the Aeries data breach can live-chat with and Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. They can also download the free ID Theft Help App to create a customized case log to track the activities around resolving their data breach case, have access to advisors, resources and more.


You might also like…

Purported LiveJournal Data Breach Leads to 26 Million User Records Being Stolen

Formjacking Tactics Used in FabFitFun Data Breach

Arbonne Data Exposure Compromises Thousands of Accounts