Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Steals Ten Years Worth of Data From San Diego School District (zdnet.com)

Posted by msmash on from the security-woes dept.

A hacker has stolen the personal details of over 500,000 San Diego Unified School District staff and students, the district revealed in a breach notice posted on its website Friday. From a report: The breach occurred because the attacker gained access to staff credentials via a tactic known as phishing -- sending authentic-looking emails that redirect users to fake login pages were attackers collect login credentials. The attack didn't go unnoticed. Some staff reported the funny-looking emails to IT staff, who investigated and eventually discovered the breach in October this year. District officials said the hacker had access to its network between January 2018 and November 1, 2018, but that he stole student and staff data going back to the 2008-2009 school year.

82 comments

  1. Surprising by Anonymous Coward · · Score: 0

    That district has always been managed well. The problem is likely that network traffic is routed through equipment known to be targets of hackers and pirates. I heard they will be upgrading their network after the new year. Side note: the principal of the high school gives very nice talks on cable access TV.

    1. Re:Surprising by Anonymous Coward · · Score: 1

      Maybe you could read all the way to the second sentence of the summary to see how they did it - it had nothing to do with network equipment.

    2. Re:Surprising by Anonymous Coward · · Score: 1

      The problem is that it's accessible, attractive and people being naive idiots who value convenience over security at every turn combined with a distinct lack of respect for the people whose information gets handled.

      Systems like these should be air-gaped, and access to the information should be on a strictly need to know basis, an audit trail of who accessed it, when and why, and heavy punishments for transgressors.

    3. Re:Surprising by Anonymous Coward · · Score: 0

      still better then the days where you need just dial in and use password witter down in school office.

    4. Re:Surprising by Scarletdown · · Score: 2

      Is it PENCIL again?

      --
      This space unintentionally left blank.
    5. Re:Surprising by Anonymous Coward · · Score: 0

      Stop watching War Games. You're an asshole and you don't get to appropriate my decade.

  2. Hope she is doing some research with it by Anonymous Coward · · Score: 0

    Hope she is doing some research with it, with a fake analysis. Maybe she can get away with it then ... "I needed some data for my thesis in sociology". Maybe, something along those lines.

  3. What is of real value? by jellomizer · · Score: 1

    I am trying to figure what is so valuable of 10 years of school district data? Perhaps some bank information to pay teachers with direct deposit.
    What are you planning to do, blackmail students to show they were put into detention 10 years ago, for fighting or talking up to a teacher. Or the fact that you had failed English back in 2001. Most of the data in a school is public information anyways.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:What is of real value? by Immerman · · Score: 1

      The lifetime educational records of a bunch of up-and-coming suckers^H^H^H^H^H consumers, mostly with practically no experience in making financial decisions on their own? Nope, can't think of anyway that could be monetized.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    2. Re:What is of real value? by jwhyche · · Score: 4, Insightful

      Names, Addresses, Social Security Numbers, phone numbers, etc etc etc. Any of this information is useful to identity thieves. It really doesn't mater how old it is as long as it can be used to link someone to something at some time. Some things like social security numbers and names never change. Things like past addresses and phone numbers can be used to link someones identity over time.

      I'm kind of surprised a school hasn't been hit yet. I would imagine compared to banks and credit unions they would be soft targets security wise.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    3. Re:What is of real value? by Anonymous Coward · · Score: 0

      there's enough data in school records to use and abuse these students' credit, as well as that of their parents. they will forever be spearphishing targets wherever they end up working, as well.

      when will companies and organizations learn.. KEEP SHIT OFF THE INTERNET THAT DOESN'T ABSOLUTELY NEED TO BE THERE. student records fall under that. there is absolutely no need to have them online. none.

      host yourself on a separate intranet that is inaccessible from the 'outside'. yes, that means actually having someone on staff that resembles some sort of IT director and having at least a functional IT budget, instead of just outsourcing to the lowest bidder and/or 'cloud' provider.

    4. Re:What is of real value? by drjoe1e6 · · Score: 1

      I am trying to figure what is so valuable of 10 years of school district data?

      If the student data has birth dates and SSNs, it could be used to open fraudulent credit card accounts. Medical identity theft is a possibility too. Ten years of data? Some of these "kids" are adults now, and looking to finance cars and houses. They may have some serious hassles ahead.

      --
      Lose = not win ...... Loose = not tight
    5. Re:What is of real value? by Anonymous Coward · · Score: 1

      Some things like social security numbers and names never change.

      Social security numbers are fairly static, but names change with damned near every marriage. Still, it's hugely valuable data, which ties into....

      Things like past addresses and phone numbers can be used to link someones identity over time.

      Addresses are massively useful, given "stringent" verification of identity mainly consists of, "WHICH ADDRESS DID YOU FORMERLY LIVE AT LOLOLOLOL" questions.

    6. Re:What is of real value? by I75BJC · · Score: 1

      This information is great for creating false identities and fraudulently acquiring authentic Governments' documents. How many people in the USA have passports? Many a lot more now! DOB, SSNs, are all that's needed to get Birth Certificates and BCs are all that are only official documents needed for USA Passports. Photos, home addresses can all be faked. (What a dumb question from the OP who asked about the use of this "old" info. Don't you watch TV?)

    7. Re:What is of real value? by jellomizer · · Score: 1

      I still fail to see why my educational records in elementary school would be any value.
      Every year my teachers would say, You will not be able to make it threw the next level of schooling. (They stopped telling me that in Grad School) Mainly due to the fact that I have mild dyslexia, and my writing (still) sucks, where if I am able to express my thoughts via other media I do actually very well. Also I see a lot of A students in my Facebook friends who are in much worse conditions then I am, and are barely making it.
      Being that the Data is over 10 years old, who know what the kids are doing now.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    8. Re:What is of real value? by PastBlast · · Score: 1

      There were some SSNs in the mix so you have identity theft. There are viewable paychecks so you have account numbers and routing number. There is salary information so you have extortion or accept the fallout of the employees information being published. There is student discipline data so now you have gross FERPA violations and lawsuits if it goes public.

    9. Re:What is of real value? by Anonymous Coward · · Score: 1

      Names, Addresses, Social Security Numbers, phone numbers, etc etc etc. Any of this information is useful to identity thieves. It really doesn't mater how old it is as long as it can be used to link someone to something at some time. Some things like social security numbers and names never change. Things like past addresses and phone numbers can be used to link someones identity over time.

      I'm kind of surprised a school hasn't been hit yet. I would imagine compared to banks and credit unions they would be soft targets security wise.

      They ARE easy targets. I work for a school district in a systems engineer position. Posting as AC because I don't need my real name or username visible. It is incredible how many people in upper administration of my district fall for this shit EVERY. GODDAMN. TIME. (Even people who work closely with the superintendent) They send their actual credentials almost every time. They never learn because they don't fucking want to. On top of that, the IT department for my district is run like...like nothing matters unless it can personally profit for the big guys at the top. No one understands security here. Even the web devs write pages with basic SQL injection vulnerabilities. I have no clue how we haven't been hit yet. But even if we have, security is so lax we wouldn't even know it.

    10. Re:What is of real value? by Type44Q · · Score: 1

      I'm kind of surprised a school hasn't been hit yet.

      You really think this was the first time??

    11. Re: What is of real value? by illiac_1962 · · Score: 1

      Quick, someone alert the authorities...hackers stole public records!!

    12. Re:What is of real value? by CrimsonAvenger · · Score: 1

      Every year my teachers would say, You will not be able to make it threw the next level of schooling. (They stopped telling me that in Grad School)

      If you can't spell "through" yet, they obviously shouldn't have stopped telling you that in Grad School....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    13. Re: What is of real value? by Anonymous Coward · · Score: 0

      Oh you must be quick. You are aware that in San Diego all the students do is play in the sun and sand. They get extra long holiday breaks too

    14. Re:What is of real value? by e3m4n · · Score: 1

      Thats 500,000 more illegals whenever the SSN getd of age to vote, drive, etc.

    15. Re:What is of real value? by CaptainDork · · Score: 1

      Phishing should have been so dead, so many years ago. It's a goddam computer. Walk the path of the phishing, and analyze the progression and respond with, "This is not going to turn out well, so I'm not going to allow it until an IT person gets here and authorizes it."

      --
      It little behooves the best of us to comment on the rest of us.
    16. Re: What is of real value? by Anonymous Coward · · Score: 0

      > if I am able to express my thoughts via other media I do actually very well

      Is it possible that you don't express your thoughts well on social media, and its just normal now to not correct people on social media? (For whatever reason.)

    17. Re:What is of real value? by Jason+Levine · · Score: 4, Interesting

      Don't underestimate how little companies might check information before opening a line of credit. When my identity was stolen, the thieves opened a credit card in my name. They had the name, address, SSN, and date of birth right, but the mother's maiden name wasn't even close. This is billed as a "security question," but failing this didn't stop Capital One from opening a card in my name for the identity thieves.

      In my case, I found out about it due to a fluke. The thieves paid for rush delivery of the card and THEN changed the address to their own. The rush delivery processed first and the card came to me. Had that processing switched, they would have gotten the card, racked up a ton of debt in my name, and I would have only found out about it when the collections agencies banged down my door telling me to repay what "I" charged.

      For the credit card company, dealing with this was as simple as writing it off as fraud and closing the account. For me, it meant dealing with the fallout and freezing my credit permanently (only thawing it when I want to open a new account). Credit Card companies have almost zero incentive to prevent identity theft.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    18. Re:What is of real value? by Joe_Dragon · · Score: 1

      they stopped that around the time not college material was drooped. Around the time of NCLB

    19. Re:What is of real value? by Scarletdown · · Score: 1

      Perhaps they think the Permanent Record is real and info they can leverage.

      --
      This space unintentionally left blank.
    20. Re:What is of real value? by Tokolosh · · Score: 1

      If you give out your information, count on it being stolen. The solution is not to give it out in the first place. AFAIK, it is not legally required to give a SSN to enroll in public school.

      When people or businesses ask for my SSN, I refuse. One doctor insisted, so I took my business elsewhere.

      --
      Prove anything by multiplying Huge Number times Tiny Number
    21. Re: What is of real value? by Anonymous Coward · · Score: 0

      A lot of this information is NOT public record. It's personally identifying information of students and their families, which is by definition PRIVATE. That's why access is restricted to people with a legitimate need to access it (school counselors, registrars, attendance clerks, principals, selected teachers, etc...).

      I'm a teacher in the district and these are real kids we are talking about...MY STUDENTS. Some creep is already trying to commit identity theft against the kids in my classroom every day. They are "grooming" the data for ID theft the way a sexual predator grooms their victims in advance. Your sarcasm and snark is directed at people I work with every day, and whom will have to deal with the hassle, and potentially life-altering consequences of identity theft in years to come. Such sarcasm is shameful. How about you save it for the perps, not the innocent victims.

      SDUSD has over ten thousand employees. It's the fifth largest school district in the nation. It's a huge target because it's a huge database. There were approximately 50 compromised accounts. That's considerably less than a half a percent of our staff who fell victim to this, and it was a targeted campaign of fishing, not a single bad link. I'd say that's actually a fairly low success rate given that the vast majority of our staff aren't primarily tech workers. I am willing to bet that major corporate IT departments have had much worse phishing breaches, but unlike public schools, they don't have to publish the results, and in fact, actively hide their breaches to save face/not tank the company stock.

    22. Re:What is of real value? by Anonymous Coward · · Score: 0

      I am trying to figure what is so valuable of 10 years of school district data? Perhaps some bank information to pay teachers with direct deposit.
      What are you planning to do, blackmail students to show they were put into detention 10 years ago, for fighting or talking up to a teacher. Or the fact that you had failed English back in 2001. Most of the data in a school is public information anyways.

      Social Security numbers, if they were in the database, is probably the most valuable with respect to identity theft.

    23. Re:What is of real value? by jpaine619 · · Score: 1

      Social security numbers are fairly static

      Fairly static? They do not change. They are static, statistically speaking..

      but names change with damned near every marriage

      WTF? 1/2 of the students are boys.. 1/2 are girls.. So for 1/2 the marriages, involving these students/former students, the name will NOT change... 1/2 is not "nearly every".

    24. Re:What is of real value? by jpaine619 · · Score: 1

      but the mother's maiden name wasn't even close.

      Why do you think that Capital One would have had access to your mother's maiden name? I've never met a single entity that had that information beforehand. Not even the Fed's when I worked for them. Like, sure they could go and look it up manually, but it's not part of a standard credit report.. It's one of those bits of information you provide.

    25. Re:What is of real value? by jpaine619 · · Score: 1

      DOB, SSNs, are all that's needed to get Birth Certificates

      Close but no. You do not need a SSN to get a birth certificate.
      #1. BC's are issued before SSNs, (sometimes years before) so they exist independently of it.
      #2. It's still not mandatory to have an SSN. There can be financial penalties for not having one, but there are no criminal penalties.

      Before some asshat chimes in, no, you don't need a SSN to open a bank account. You can open a bank account with an EIN. (Employment Identification Number) which is like a SSN, but different. EIN are generally issued to corporations but, you can get one as a human. It would be a giant pain-in-the-ass to go this route, but it is possible.

    26. Re:What is of real value? by jpaine619 · · Score: 1

      If you give out your information, count on it being stolen. The solution is not to give it out in the first place. AFAIK, it is not legally required to give a SSN to enroll in public school.

      When people or businesses ask for my SSN, I refuse. One doctor insisted, so I took my business elsewhere.

      This is correct. With caveats... It is a violation of Federal Law, as written, to use a SSN for identification purposes.. However, everyone does it.. But you cannot be penalized, legally, for not giving it out for most things.

      It was actually the SSN situation that first clued me in to the fact that a lot of laws are selectively enforced (also illegal). During my enlistment in the military I was surprised to see that every single document that contained a request for SSN also carried the disclaimer that "giving the SSN was voluntary but without it one could not proceed with enlistment". I'm paraphrasing. The actual disclaimer was a little more wordy and contained the US Code (if memory serves) that states that a SSN cannot be used for identification purposes. Basically they (the military) was saying "Here's the law that says we can't use your SSN for identification, but if you don't let us use it for identification we ain't gonna let you enlist"..

      It was.. enlightening..

    27. Re:What is of real value? by Tokolosh · · Score: 1

      As a society we must collectively resist providing data that is not needed. But all the time I see people hand out personal info for no reason at all. When the cashier asks if she can get my telephone number, I simply reply "No" - I do not explain, apologize or make an excuse, just "No."

      If I get carded at a bar, I show my ID with the birth date visible. I cover up the number and don't let it our of my hands, no scanning. If everyone did this, organizations and businesses would rein in their data collection.

      --
      Prove anything by multiplying Huge Number times Tiny Number
    28. Re:What is of real value? by jpaine619 · · Score: 1

      How about those "win this car" scams? It amazes me how much information people will put on that entry form to MAYBE have a chance at winning a car. .I say MAYBE 'cause who the hell even knows if the car is ever won.. Might be one giant scam..

    29. Re: What is of real value? by Maelwryth · · Score: 1

      You could probably make more money without upsetting as many authorities by using it for marketing. I imagine it has the name, address, phone numbers and emails for at least one of the parents if not both.

      --
      I reserve the write to mangle english.
    30. Re: What is of real value? by Khyber · · Score: 1

      Welp, we know you're brain-damaged if social media is the only media you can think of.

      Spoken media.

      Video media.

      Artistic media.

      Go back to school and grow up, child.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    31. Re:What is of real value? by Anonymous Coward · · Score: 0

      I work for a school, and we are targeted with phishing campaigns constantly. Some are quite sophisticated where the perpetrator has researched the org chart, and is impersonating folks like the superintendent in an attempt to get an admin assistant to provide info.

      Some are funny, though. A lot of preparation and work just to try to steal a few dollars. We had one last week where an attacker impersonated a VP, but instead of attempting to gain credentials to access records, the attacker tried to get the victim to buy them a gift card.

      We also get the zillion phishing scams to gain access to accounts for spamming (since we switched to office365 for email, most of these get past MS's terrible spam filters). And, a lot of these are successful. It is always surprising to me that these scammers never figure out what they really have, and try to used the credentials for more than sending spam.

    32. Re:What is of real value? by Anonymous Coward · · Score: 0

      What is of value???

      First of all... whoever "did it" did NOT ***STEAL*** ANYTHING.... THEY ***COPIED*** IT... there is a clear difference there, get it right.

      Second, there is NO reason schools need all this fucking data, their job is to impart knowledge, that's it... NOT to be DATA BROKERS.

      Third, there is NO reason you need to give that data to schools... YOUR job is to PROTECT your children from becoming datamined, controlled, slaves... to protect their FREEDOM.

      ALL that is needed is a NAME, a RANDOMLY generated 128 bit number as database key for GRADES... THAT's IT.

      Public schools suck anyways and are nothing but Statist indoctrination camps ensuring your kids become Government and Corporate Slaves for life.

      FUCK THAT, pull them out and put them in private community schools.
      Private is less expensive too, after you cancel all the stupid tax they steal from you for public schools aka: their pockets and that of their public contract awardees.

      And private is directly managed by you, the interested payer, not some fucking Invasive Statist School Board.

      Value your kids and grandkids, keep them away from the Manifest Control State.

    33. Re:What is of real value? by Anonymous Coward · · Score: 0

      Soft targets?
      Are you fucking kidding me?

      Schools, Governments, Hospitals, Doctors, Lawyers, Banks, Credit Agencies.... ALL OF THEM are hit ALL THE TIME... they simply DO NOT report it. They only report it if they feel they're going to get outed, say by an anti-corrupt activist employee, or data correlation.

    34. Re:What is of real value? by drinkypoo · · Score: 1

      I'm kind of surprised a school hasn't been hit yet. I would imagine compared to banks and credit unions they would be soft targets security wise.

      Can confirm. I worked on one project at a community college where they were sending student data in the clear across the open internet, to a remote classroom site. IIRC, the application literally used telnet. I got paid a little bit to quickly set up ssh tunneling, and then I got paid more again to set up IPSEC later. They had a sysadmin who was supposed to do stuff like that, but he knew jack. I was supposed to get his job, but then he bought a second Harley so The People had to pay him instead of someone competent. Hooray, unions!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    35. Re:What is of real value? by Jason+Levine · · Score: 1

      It's one of those things that's constantly billed as a "security question" and before my ID theft I naively thought that it provided some level of security. Basically, if you tried to apply for credit in my name and said my mother's maiden name was "Smith", I thought you'd be denied because that's wrong. Instead, mother's maiden name is pretty much ignored. They might as well ask "What's your favorite food" or "Are you reading any good books right now" for all the security it provides. Yet, they still will ask for mother's maiden name and bill it as a security procedure.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    36. Re:What is of real value? by jwhyche · · Score: 2

      Fairly static? They do not change. They are static, statistically speaking..

      Actually a social security number can be changed. For all intents and purposes it requires a act of god but it can be done. I don't know all the instances where it can be done but I have heard of a new one being issued due to a massive case of identity fraud.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    37. Re:What is of real value? by jpaine619 · · Score: 1

      Which is why I said "statistically speaking". I didn't say they could not be changed. Your example is what? 1 out of 1,000,000? That can be written as zero if we're not rounding to anything past ten thousandths.

    38. Re:What is of real value? by jpaine619 · · Score: 1

      Ah.. I gotcha. Yeah, mother's maiden name is not a thing that is verified. It's the thing you use to get back into your account if you get locked out. Yes, it can be set to anything you want, as long as you remember what it was if/when the time comes.

    39. Re:What is of real value? by mermeid007 · · Score: 0

      Fantastic. Thought police in every public school. I take back nothing I ever said, including the fact that half these teachers you are so underpaid they should be moonlighting as waitstaff.

  4. Not unnoticed by Anonymous Coward · · Score: 0

    The attack didn't go unnoticed.

    Oh, that's reassuring

    the hacker had access to its network between January 2018 and November 1, 2018

    On second thought, no you pretty much didn't notice.
    Think of how incredibly long that is.

    1. Re:Not unnoticed by jpaine619 · · Score: 1

      On second thought, no you pretty much didn't notice. Think of how incredibly long that is.

      Round about 300+ days.

  5. ID card by Anonymous Coward · · Score: 0

    Tech has made it so the employee's ID card (login/pw) can get them anywhere in the building, from the vault, to the file cabinets containing all the personal records. I don't have a simple fix, but boy has tech screwed the pooch on this.

  6. Email needs to go by Anonymous Coward · · Score: 0

    Email in its current form should not be used for business. Period

  7. Yet another reason... by bobbied · · Score: 0

    I home schooled my kids... Their school records are not at risk from some underpaid government employee's mistakes.

    Not to mention that they got a pretty good classical education and are both excelling in college...

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:Yet another reason... by Anonymous Coward · · Score: 1

      I home schooled my kids... Their school records are not at risk from some underpaid government employee's mistakes.

      Not to mention that they got a pretty good classical education and are both excelling in college...

      Congratulations. You should get some stickers for the back window of your Prius.

    2. Re:Yet another reason... by Anonymous Coward · · Score: 0

      What was the primary reason you home-schooled?

    3. Re:Yet another reason... by bobbied · · Score: 1

      I home schooled my kids... Their school records are not at risk from some underpaid government employee's mistakes.

      Not to mention that they got a pretty good classical education and are both excelling in college...

      Congratulations. You should get some stickers for the back window of your Prius.

      If I ever get one, I guess I will. But my pickup truck is going to have to bite the big one and a Prius is going to have to change to look more like a truck first.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Yet another reason... by bobbied · · Score: 1

      Nope, but it's another reason I'm happy I made that choice. (Thus the title of this thread. )

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    5. Re: Yet another reason... by Anonymous Coward · · Score: 0

      Haha that aint no Prius and I aint no yoga teacher and those coyotes are not safe to pet

    6. Re:Yet another reason... by Anonymous Coward · · Score: 0

      You misread the question: What was the primary reason you home-schooled?

    7. Re:Yet another reason... by pr0fessor · · Score: 1

      Let's see.

      The day after the school shooting in Colorado they expelled my middle son because he owned a trench coat but hadn't worn it for over a year because he out grew it. A truancy officer showed up at my house later that afternoon and apologized because apparently the principle that expelled the kids with trench coats had been suspended and all the expulsions expunged.

      The same son was expelled for wearing a pentagram. When I confronted the principle she told me that it was a gang sign and I corrected her that it was a religious symbol. She then said there was no place for things like that in a public school. I told her that he would be back to school and I wouldn't say anything else but the cross around her neck was enough that if I ever heard of him or any other kid getting harassed for something like that again I would take legal action.

      They tried to expel him for dying the tips of his hair black, I called the principle and told her just no and don't send him home again.

      I have 5 sons I could go all day with stories.

    8. Re:Yet another reason... by jpaine619 · · Score: 1

      What was the primary reason you home-schooled?

      Not speaking for the poster, but the reasons I hear most often, in everyday life, is dissatisfaction with class sizes (our district is up to 27+ students per teacher), religious reasons, safety (people still don't understand that school shootings are statistically super rare and you're way more likely to die in your bathtub, but I digress) and last (and least) is political reasons. The last reason is usually reactionary. i.e. it's not that the parents don't send the kid to school because of "whatever", it's that they pull the kid out of school after "whatever" has set them off.

      An anecdote, but when I was younger there was a teacher at our middle school who was a communist.. I mean that literally.. This guy didn't teach about communism and capitalism and then compare the differences.. He didn't teach the history of communism... Those would be reasonable. This guy taught that communism was "the way". He PUSHED communist ideology in every aspect of his classes. I know of 2 parents who jerked their kids out of the school over that. Our district population is pretty conservative, but the district employees are way more liberal. It's caused a lot tension of the years. And, I'm sure, it's caused more than a few people to go the home-school route.

      Out here "home school" isn't really what most people imagine.. It's more.. collective. Like, it's not a mom teaching her kids.. It's a mom teaching her kids and the kids of 5 of her neighbors.. More like that.. More efficient I guess.

    9. Re:Yet another reason... by bobbied · · Score: 1

      The first reason we home schooled is to avoid dealing with the liberal bias in education and so we had control over what our kids where being taught. Secondary was that our kids both had learning disabilities that would have made classroom learning difficult for them and being in a school with 2 students and 1 teacher was a clear advantage for them.

      So the primary reason was we thought it would produce the best educational outcome for both of them to learn at home. It's hard to know what "could have" been, but I know that it worked out very well for them.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  8. Only citizens required to provide documentation. by Anonymous Coward · · Score: 0

    Which is all hilarious as to renew a drivers license in my state, citizens have to present a birth certificate or passport, an original SS card or W-2, and two proofs of residency! That's just for citizens!

    BUT, if you are an illegal alien *cough* "undocumented immigrant", the only thing you have to present to get or renew a DL is two proofs of residency and a state tax return. That's all!

    I think I'm going to claim I'm "undocumented" next time I renew. It will be easier.

    Captcha - "colonize" No joke.

  9. Re:Only citizens required to provide documentation by bws111 · · Score: 2

    Uh, no. Those are the requirements for the initial issuance of a 'Real ID' approved license. If you don't want to present all that stuff you get a regular drivers license, which will not be accepted for ID for domestic flights, etc.

  10. Re:"He"? by mrbester · · Score: 1

    Little Bobby Tables strikes again.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  11. Copied, not Stolen by Anonymous Coward · · Score: 1

    Copied.The intruder copied the records. If he had stolen them, the district would no longer have them.

  12. Bullshit. by Anonymous Coward · · Score: 0

    Bullshit. It's highly effective for people who aren't morons. There is nothing anywhere near as useful.

  13. Um, YES by Anonymous Coward · · Score: 1

    That option is not offered to citizens in my state. If you are a US citizen you are REQUIRED to get a "RealID". I've called and asked the DOT. Even asked them to confirm that, which the nice lady did after putting me on hold for a few minutes.

    Only illegals have the option to choose a non-federal ID card, er... I mean "driver's license".

    1. Re:Um, YES by jpaine619 · · Score: 1

      If you are a US citizen you are REQUIRED to get a "RealID".

      Only illegals have the option to choose a non-federal ID card, er... I mean "driver's license".

      Which state? This is not the case in CA. I know because when I went down to manually renew my license (i had already burned through the 3 auto-renewals and had to do it in person this time) I forgot my Birth Certificate. The lady said "No problem. We'll give you a regular DL today and, when you have time, come back with your BC and we'll convert it to a Real ID. Two months later, I'm still carrying a regular DL. At some point I'll go "upgrade" it....

  14. Re:"He"? by jfdavis668 · · Score: 1

    The danger of adding semi-colons to your children's names.

  15. Bueller... Ferris Bueller... by Anonymous Coward · · Score: 0

    He's absent today.

  16. There is real value by Pollux · · Score: 4, Informative

    I was informed by a security expert at a technology convention that personal data (Name, BD, SSN) of children are some of the most valuable data sought after on the dark web. When adults have their security credentials stolen, they discover the theft rather quickly, and any accounts created with the stolen data are shut down in a matter of weeks, giving the stolen credentials little potential value. But children do not check bank account information, or credit card balances, or credit scores until they become adults. Hackers can use that information to bankroll illegal financial activity for years.

    Someone enrolled now in preschool may discover 15 years later when they fill out their FAFSA that they owe hundreds of thousands of dollars in unpaid credit card balances and financial loans. San Diego School District will be liable for decades to come.

  17. Nonononono by Anonymous Coward · · Score: 0

    It's not the tech that done did it, you doofus. It's whoever set up the system who done did it. Presumably on orders of whoever signed off on the resulting system. According to some spec that presumably got signed off too. By someone therefore "responsible" for this mess.

    The simple part of the fix is indeed simple: Don't do that. Don't blame the tech. Don't even blame some unknowable and therefore all-powerful actor ("hacker!") that you therefore cannot defend against. Of course you can defend against this. It's sheer stupidity. But we don't want to defend against this stupidity because that would require admitting it was us that's been stupid.

    It's not "the tech". It's not "a hacker". It's whoever set up the system coming up with something stupid. It's whoever built the software pretending to know what they're on about. It's the people using the system not complaining that it is dangerous to use. It's us!

    Us! Nobody else! It Is Us That Are Being Stupid, Doofus. US.

    Of course, after that the fix gets a lot less simple. For now we really have to start thinking. And we're still pretending the computer can do that for us. So admit that we still have to bring the smarts to the shop, and start cranking that grey mass and maybe, just maybe, something slightly less stupid will come out eventually.

  18. Re:"He"? by Anonymous Coward · · Score: 0

    Little Bobby Tables strikes again.

    That son of a bitch.

  19. So many errors by emzee · · Score: 1

    ZDNet should hire a spell checker.

  20. This is SLASHDOT! by Anonymous Coward · · Score: 0

    Nobody reads the OP past the title.

  21. Eh small breach by Anonymous Coward · · Score: 0

    Pretty small breach in the big picture, is this front page worthy news. #wheresmalda

  22. Re:Only citizens required to provide documentation by jpaine619 · · Score: 1

    If this is CA you are referring to, the license for an illegal is different than for citizens. So, the requirements may be different, but the outcome is different as well.

    If this is not CA you are talking about, my apologies for assuming..

  23. How exactly is this hacking? by Anonymous Coward · · Score: 0

    Sending a fake email out is so far removed from "hacking", yet jackasses like the author keep using the word as if it means "doing bad things with a computer".

  24. Comment removed by account_deleted · · Score: 0

    Comment removed based on user account deletion