The Association of California School Administrators (ACSA) is informing nearly 55,000 individuals that their information may have been compromised as a result of a cyberattack.
ACSA describes itself as the largest umbrella association for school leaders in the United States, serving more than 17,000 California educators, including superintendents, principals, vice-principals, and classified managers.
The incident occurred last year. ACSA discovered on September 24, 2023, that some files in its environment had been encrypted, which indicates that the organization was targeted in a ransomware attack.
An investigation revealed that a threat actor had gained access to ACSA systems between September 23 and 24, and they accessed and possibly exfiltrated certain types of information.
The exposed files contained information such as name, address, date of birth, Social Security number, driver’s license number, payment card information, medical information, health insurance information, tax ID, student report card and test score, employer-assigned identification number, and online account credentials.
ACSA completed its investigation and identified the impacted individuals in early May 2024, when it started notifying them about the data breach.
The organization told the Maine Attorney General that roughly 54,600 people are affected.
ACSA said it found no evidence of “any actual or attempted identity theft or fraud as a result of this event”, but impacted individuals are being provided credit monitoring services for 12 months.
The Association of California School Administrators does not appear to have been listed on the website of any known ransomware group.
Related: Ransomware Leads to Nantucket Public Schools Shutdown
Related: Computer Attack Disables California School District’s System
Related: K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs
Related: 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse