Cyber Incident Victim: Lodi Unified School District

On or about September 21, 2022, Lodi Unified School District in California detected unauthorized access to an account within its third-party student record management system, Aeries. The district immediately initiated an investigation to determine the nature and scope of the incident. While the investigation remained ongoing at the time of reporting, it confirmed that unauthorized parties accessed certain information stored in the Aeries application. The district conducted a review of the application's contents to identify the types of compromised data and affected individuals. This review revealed that exposed information included individuals' first and last names alongside medical information. No evidence suggested broader system compromise beyond the specific Aeries account.

The district formally notified impacted individuals via a template letter submitted to the California Attorney General's Office on October 31, 2022. This notification described the incident's occurrence, the categories of affected data, and recommended vigilance regarding personal accounts. The district emphasized it took the breach seriously but did not disclose the number of affected individuals or specific medical data types exposed. Neither Lodi Unified School District nor Aeries published public statements about the incident on their websites as of the article's publication date. DataBreaches.net contacted both entities to determine whether the breach stemmed from compromised district credentials (such as phishing or credential reuse) or a vulnerability in Aeries' systems, but received no responses. The investigation's findings regarding attack vectors, perpetrator identity, and final impact scope remained undisclosed in available sources.