Cyber Incident Victim: Centinela Valley Union High School District
Date: Jun 2021
Location: United States of America
Summary
The Centinela Valley Union High School District experienced a malware infection that encrypted data on its systems, prompting an investigation with external cybersecurity experts. Unauthorized access to systems storing sensitive personal information (including names, Social Security numbers, financial accounts, and health-related data) was confirmed, though no evidence of data misuse was found. While the district contained the incident rapidly and restored data access, it acknowledged it could not rule out potential compromise of affected individuals' information. This follows a prior phishing-related breach involving employee tax forms. The initial access vector for the current attack remains unspecified, no threat actors have been attributed, and no public data leaks have been identified.
Description
On June 22, 2021, Centinela Valley Union High School District experienced a malware infection that encrypted data on an unspecified number of computer systems. The district immediately initiated containment measures to stop further spread of the malware and began restoring access to affected data through backups or other recovery methods. Concurrently, they engaged a cybersecurity firm to conduct a forensic investigation into the incident. By July 8, 2021, the investigation revealed that an unauthorized actor had accessed systems storing sensitive personal information of current and former employees and students prior to or during the encryption event. The compromised data included names, Social Security numbers, financial account details, health insurance information, and medical records. While the district stated no evidence indicated actual theft or misuse of this data, investigators could not definitively rule out potential exfiltration given the unauthorized access.

The district issued breach notifications to impacted individuals and submitted a sample notification letter to California’s Attorney General’s office as required by state law. A public notice was prominently displayed on the district’s website homepage to inform community members. The disclosure did not identify the threat actors or their methods, and no dedicated leak sites listed this incident at the time of reporting. This marked the second cybersecurity incident disclosed by the district within two years, following a 2019 breach involving phishing attacks targeting W-2 forms. The relationship between the two incidents remained unclear, as the 2021 disclosure did not specify whether phishing or another initial access vector enabled the malware deployment and system intrusion. Restoration efforts continued alongside ongoing monitoring for potential misuse of exposed personal information.
