The San Luis Obispo County Office of Education reported that it suffered a data breach earlier this month.
Officials with the Office of Education said while there is no evidence that any “personally identifiable” information was leaked, the office shut down its servers while it and other organizations investigate the scope and depth of the breach.
Officials said they are now using an alternative method for payroll and are offering credit monitoring to employees at no charge as a precaution.
As of Friday evening, the Office of Education’s website was still offline.
“Most recently, the County Office of Education was attacked by cyber-criminals, trying to get private information out of a database, and then threatening to use it,” San Luis Obispo County District Attorney Dan Dow said.
District Attorney Dow said multiple agencies, including federal agencies, are helping the Office of Education investigate the data breach. Officials with the Office of Education also said they are working with state and federal emergency law enforcement officials and outside computer specialists in response to the data breach.
“To steal that information is a crime. To possess that information with the intent to use it is a crime, and then using it would be a separate crime,” Dow said. While there are many particular legal risks for hackers when stealing and attempting to use information, Dow said data breaches are tough to solve and prosecute.
The SLO County Office of Education is just the latest agency in California to suffer a data breach.
The California Public Employees’ Retirement System, CalPERS, also had a recent data breach. The organization reported this week that hackers stole the names, social security numbers and other confidential information of roughly 769,000 retirees and beneficiaries.
CalPERS is the largest public pension fund in the United States.
The California State Teachers’ Retirement System, CalSTRS, reported a data breach, as well.
“Things like the CalPERS attack are different [from the Office of Education breach] because [CalPERS is] a huge, massive data breach, and there’s almost nothing you can do about it,” Rick Copelan, president of the Better Business Bureau of the Tri-Counties, said.
So what do you do if you are the victim of a breach? Copelan said there are three steps to take.
“First, go to the Identitytheft.gov website. You click a button to report to them exactly what happened to you,” Copelan said. “Then, they will help you formulate a plan of how to recover from this attack,” Copelan continued.
Finally, “they help you put things together like a comprehensive list of the financial institutions, and other places that you need to contact,” Copelan said.