News Update

Data breach affects more than 150 school districts across the country

Tuesday June 9, 5:30 p.m. 

More than 150 school districts throughout the United States were notified April 27 that their student information software provider Aeries Software had been breached, allowing an unauthorized person access to private student and parent information.

Though the breach was discovered in November 2019, the company didn’t notify school districts until April 27 — after law enforcement conducted an investigation and arrested the person responsible, according to an advisory sent last week to parents at Mt. Diablo Unified School District in Contra Cost County, California.  According to the state Attorney General’s Office website, similar notifications were issued in recent weeks to parents in unified school districts in San Bernardino City, Fairfield-Suisun, Inglewood, and Laguna Beach and Yucaipa-Calimesa Joint Unified School District.

The information accessed by the unauthorized person includes parent and students addresses, phone numbers, email addresses and “hashed” passwords — which are indecipherable to third parties, according to the advisories. Aeries has found no evidence that any of the information has been “misused.” The company said it has fixed the vulnerability in its system that allowed the person to access the information.