The Association of California School Administrators (ACSA) has notified approximately 55,000 individuals about a data breach resulting from a cyberattack. ACSA, serving over 17,000 California educators, discovered the breach in September 2023 when encrypted files were found in its environment, indicating a ransomware attack. An investigation revealed unauthorized access to ACSA systems, potentially compromising sensitive information such as Social Security numbers, payment card details, and medical records.
Exposed data included a range of personally identifiable information (PII) such as names, addresses, dates of birth, driver’s license numbers, and more. ACSA completed its investigation in May 2024, identifying the affected individuals and initiating notifications about the breach. While no evidence of identity theft or fraud has been found, impacted individuals are being offered 12-month credit monitoring services as a precautionary measure.
The incident has been reported to the Maine Attorney General, with approximately 54,600 people confirmed as affected. Despite ACSA not being associated with any known ransomware group, the breach underscores the pervasive threat of cyberattacks targeting educational institutions. The proactive response from ACSA highlights the importance of robust cybersecurity measures and prompt breach detection to mitigate risks to sensitive data and individuals’ privacy.
