The following letter is from the Mt. Diablo Unified School District:
Dear Parent or Guardian of a student at MDUSD:
Mt. Diablo Unified School District (“MDUSD”) takes the responsibility of safeguarding the confidentiality and security of student and parent information very seriously. This letter is to inform you of a recent incident that involved your data. The information detailed below will explain the incident, actions taken, and steps you can take in response.
What Happened?
On April 27, 2020, Aeries Software notified over 150 school districts, including ours, that their system had been breached. MDUSD uses the Aeries Student Information to provide students and their parents access to information on school events, schedules, etc.
Aeries learned in late November of 2019, that an unauthorized individual exploited a vulnerability in the Aeries software that would allow access to private student and parent information. Once discovered, Aeries notified law enforcement and together launched an investigation. As of today,the individual responsible for this breach is in custody.
What Information Was Involved?
Aeries informed MDUSD that the information accessed by this individual had parent and/or student address, phone number, email and hashed password (which is a form of rendering the password indecipherable to third parties).
What Can You Do?
Aeries has no evidence that any of your personal information has been misused.
MDUSD wants to let you know that this happened and to assure you we take this data breach very seriously. Although the password itself was not accessed, there is a possibility that someone with enough time and skill could decipher the password. Being aware of this and out of an abundance of caution, MDUSD will be implementing a mandatory password policy for all parent and student portal accounts. In addition, if you use the same password for other online accounts, we suggest changing the password on those accounts as well.
What MDUSD is Doing
MDUSD understands how important protecting privacy and the security of your personal information is and we regret any inconvenience this may have caused you. Aeries has installed the necessary software patch to remedy the vulnerability that allowed the unauthorized person to access Aeries.
In addition, MDUSD and Aeries Software are reviewing our existing policies and procedures to alleviate any risk associated with this incident and to better prevent any unforeseen future incidents. To assure that all Aeries Portal users have a strong password, MDUSD will be implementing a mandatory password change policy. Details and the effective date of the mandatory password change policy will be sent to your associated email account.
Again, we apologize for any inconvenience or undue worry this has caused. For questions, please contact the Aeries Held Desk at aerieshelpdesk@mdusd.org; https://www.mdusd.org/homelink or (925) 682-8000 ext. 4105 option 1.
25 comments
You can find that same info on anyone basically with google, so no biggie. I feel bad for institutions that have to report these incidents when all that was compromised was basically public information to begin with, in my opinion. No real harm done here.
No biggie? In addition to personal information they also have a student photo in the database. Contrary to popular belief not all parents put their kids pics on social media.
Anything that involves the security of kids info IS a biggie IMO.
“I feel bad for institutions” Give me a break. Why don’t they just do a better job at keeping the information secure in the first place?Amateur hour.
@Janon – Sure, because teens always place their name and home address on the Internet and their parents have no problem with their minor children’s data being sold to the highest bidder,
Are you for real? You have no idea what you are talking about. Student IDs were compromised as well.
The data breach is serious even if you do not think so. Everyone’s life experience is not the same. There are those who want to keep their addresses and information private because of stalkers or violent ex-spouses.
I didn’t think of that, but LOVE your tact. Congratulations.
Man am I glad MDUSD is so good at what they are doing, jesus.
@Mamba. If you read closely, Aeries is the company that provides attendance tracking software to multiple districts. In this instance MDUSD was not at fault.
They have an individual In custody? Was that a typo?
The breach was in November 2019, the school district was informed in late April 2020 and the public is being informed six weeks later.
Why the delay?
Because as they say in their opening statement…
Mt. Diablo Unified School District (“MDUSD”) takes the responsibility of safeguarding the confidentiality and security of student and parent information very seriously.
…doesn’t they are committed to delivering the information in a timely manner, that would make too much sense.
That was my initial question as well. This delay is unacceptable! Parents should have been notified of a possible breach as soon as MDUSD was informed. Most parents, except obviously Janon above, would take extra steps to protect their children. The district needs to answer as to why it took so long to make this announcement. By the way, as a district parent, I have yet to receive any notice of this. Thanks to Claycord for doing what MDUSD should have already done!!
I really don’t see how any parent could let their child attend school in this district.
Seriously?! I can’t even. 🤦🏽
It’s true MDUSD is generally going down the tubes, but there are few options in this area other than private Catholic school. The public has the right to demand more from MDUSD, but the way local demographics are going, there may not be a lot they can do. Intra-district transfers are hurting some schools, but everyone wants to be fair, so kids are allowed to attend schools outside the school’s feeder zone, which causes overcrowding and program degradation at the most desirable schools.
Great so now the dark web has access to my children’s info including address. A target for pedos. This is ridiculous.
FYI, Aeries is an outside software system that MDUSD uses, not a district originated program. “On April 27, 2020, Aeries Software notified over 150 school districts, including ours, that their system had been breached.” So if you want to bash, perhaps redirecting your energies toward Eagle Software would be more appropriate.
At face value, it appears Aeries tried to keep the breach secret, releasing a patch in December 2019 but not informing school districts of the breach. But in January, one of the school districts informed Aeries that their data may have been breached (good for their IT people) so the cat was out of the bag and Aeries informed their customers over three months later. How proactive of them. Yes, it’s on Aeries. 100%. But parents have the right to expect immediate notification of any data breach that affects their minor children. This is not up for debate. They should have been notified immediately. There must be immediate, 100% transparency of anything that affects a parent’s minor children.
I don’t know what is worse, violation of California law that all data breaches must be made public within 72 hours of being discovered or the fact MDUSD renewed the Aeries program without disclosing any of this in the public meeting
Even Fortune 50 companies and the CIA have had data breaches in recent years. School district could have an army of security staff and would not have been able to prevent a third party data breach like this. You should take your anger out on the criminals who breached the system not the underfunded IT staff of the county. Do you blame a bank when criminals breach their physical branch and commit a robbery …. anger is so misplaced these days it’s sad times.
Why the delay from the District informing parents of the breach? That part is on them.
Agree. pitchfork holding chanters all over claycord.
why the delay
weeeeellllll
you see with chaos and confusion they can throw these things out there and because of the volatile situation no one can complain
so get ready for lots of things being posted that went wrong and or put your information out there
its like when its a cloudy day and the chemical plants blow out olts of chemical smoke that mimics the clouds that day
its all a scam in this state every entity besides the hard working American is scamming you
so good you even cote to be scammed
its a great approach that has been used to manipulate voters into giving up their civil liberties to bums and illegals and criminals
while the state unleashes them 3500 at a time to prey on you
and you enjoy it enough to keep voting for more
so enjoy the chaos
our children will have to suffer through your decisions of socialist communist government but ehhh what ever right you chose this path
you must know better …I mean we are all better and achieving greatness because of democrat regime
you have new cars and homes and a nice savings and college fund for your children so who cares if our civil liberties are being taken away
yay for us we are tools of the democrat regime …..at least rioters are being treated nicely at our expense …..an yay they are going to get rid of police
so they can install their own police …….just wonderful and productive
wow this new era is swell and just …and such a fun time
maybe china will make a new virus to help us relate to animals better and oh yeah guard rails need mentioning and oh the freezer too
change for good is what we make out of lemons thrown at us by china
woooooot
Sounds to me the school districts need to work together and find a new software company. #1 priority should be the security of their system that will protect their kids.
Why couldn’t the MDUSD notify parents back in 2019 when it first happened? I’m sick and tired of the lack of transparency and lack of communication. Thank goodness I’ve only got one more child to get through high school.
You did actually read the whole article?
but I would suggest the end of April of this year til now is too long.
And… I did mention this to a friend/mdusd parent who said first they heard of it… no letter in the mail… no robo-call… can’t even find it on the mdusd website…
Comments are closed.