Unauthorized person baited staff with phishing emails to collect credentials to log into San Diego Unified School District’s network services. Data breach exposed personal information belonging to over half a million students going back the 2008-2009 school year, parents, and staff members of the district. The attacker could also view student enrollment information such as schedule, health data, schools of attendance, transfer information, recorded legal notices, and attendance data. Extra security measures have been implemented to resist against similar attacks in the future, SDUSD says.
Source: https://www.bleepingcomputer.com/news/security/info-on-over-500-000-students-and-staff-exposed-in-san-diego-school-district-hack/