On April 27, 2020 Aeries Software sent out a notice to all school district’s using Aeries informing them that some school databases of Aeries Hosted customers had been breached. The Rocklin Unified School District is not a customer of Aeries Hosted, which means we store our databases on our own servers rather than Aeries Software’s servers. The breach was discovered initially in late November, but Aeries software did not become aware of unauthorized data access until March of 2020. Aeries believed the incident was isolated.
On May 6, 2020, after further information from Aeries Software and in communicating with other schools using Aeries, we contacted Aeries support and asked for their staff to check our server logs to ensure our data had not been compromised. On May 11, 2020 Aeries support staff worked with our staff and did determine that unauthorized access of our data occurred on November 4, 2019.
There are active investigations going on into the breach of multiple districts on-premise servers and Aeries Hosted. State and Federal agencies are investigating and it is believed that the attacks have all been carried out by one entity and the perpetrators are currently in custody. Aeries has provided patches to prevent further access which we have applied to our servers.
The information that was exposed are:
What We Are Doing
On December 20, 2019 Aeries Software released updates to fix the vulnerability used in the attack. We applied these updates at the time they were released. We will be resetting all student passwords.
Rocklin Unified School District will be enforcing stricter password security guidelines as an added precaution against the possibility of future such incidents. All new passwords will employ the following guidelines:
Force Users to Change Passwords Every 6 months (minimum)
Days Prior to Expiration to Notify Users - 10 days (minimum)
Minimum Length: 8-16 Characters
Require a Special Character
Require Letters and Numbers
Require Upper and Lower case
What You Can Do
While there is no evidence to suggest that your specific data was misused, out of an abundance of caution, we will reset the account passwords for all parents and students beginning Tuesday May 12, 2020
For More Information