Some employees’, students’ name, driver’s license number, health and financial information were illegally accessed through email accounts in the first half of 2021
VISALIA – Tulare County’s largest school district is notifying some of its 3,000 employees and 32,000 students that some of their personal information has been compromised.
On Dec. 30, Visalia Unified School District (VUSD) announced certain district-issued email accounts were illegally accessed during a data breach between Jan. 1 and June 3, 2021. VUSD said in a statement it identified the problem on June 6, 2021 and then conducted “a comprehensive review of the accounts, which was complete on or around December 3, 2021” to determine which email accounts were illegally accessed and what information was contained in those accounts. The result of the six-month investigation determined most of the information obtained was the name and medical information of the email account holder. In the case of 10 email accounts, information obtained also included the driver’s license number, financial account number, and health insurance information.
“Although VUSD is currently unaware of any actual or even attempted misuse of information, in an abundance of caution, VUSD is notifying individuals about the event so that they may take steps to protect their information,” the district’s statement read.
The district was unable to discuss how many accounts were hacked, if this was a ransomeware attack, if the district has paid any money to restore the data or if the district has made any settlement payments to victims whose personal data was obtained.
Kim Batty, public information officer for the district, said she was unable to provide answers until after VUSD’s cyber security consultant and legal team have gone through all the data involved in the questions.
VUSD did say it has implemented additional technical security measures, is reviewing and enhancing existing policies and procedures and providing employees with additional training on data security to avoid a similar event in the future.
“VUSD takes this incident and the security of information in its care very seriously,” the statement read.
VUSD encourages individuals to remain vigilant against incidents of identity theft and fraud and to review their account statements and free credit reports for suspicious activity and to detect errors. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also directly contact the three major credit reporting bureaus (Equifax, Experian and TransUnion) to request a free copy of their credit report.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If an individual is a victim of identity theft, the individual is entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should an individual wish to place a fraud alert, the individual may contact any one of the three major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. To request a security freeze, individuals may need to provide some or all of the following information:
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- Addresses for the prior two to five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.); and
- A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if an individual is a victim of identity theft.
Parents worried someone may have used the information to set up a credit file in their child’s name can search for the minor’s Social Security number, place a security freeze on your minor’s credit file, place a fraud alert on your minor’s credit report (if one exists), or request a copy of your minor’s credit report an individual may be required to provide some or all of the following information:
- A copy of the individual’s driver’s license or another government issued identification card, such as a state identification card, etc.;
- Proof of address, such as a copy of a bank statement, utility bill, insurance statement, etc.;
- A copy of your minor’s birth certificate;
- A copy of your minor’s Social Security card;
- Your minor’s full name, including middle initial and generation, such as JR, SR, II, III, etc.;
- Your minor’s date of birth; and
- Your minor’s previous addresses for the past two years.
The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-IDTHEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General.
If individuals have additional questions, they may contact VUSD’s dedicated assistance line at 1-833-365-2601, which is available 6 a.m. to 6 p.m. Monday through Friday. Individuals may also write to Visalia Unified School District at Attn: Human Resources Development Compliance Officer, 5000 W. Cypress Ave., Visalia, CA 93277, or by email at [email protected]
“VUSD regrets any inconvenience or concern this incident may cause,” the statement read. “VUSD remains committed to safeguarding the information in its care.”