Rocklin Unified School District

NOTICE OF DATA BREACH

NOTICE OF DATA BREACH

What Happened?
 
On April 27, 2020 Aeries Software sent out a notice to all school district’s using Aeries informing them that some school databases of Aeries Hosted customers had been breached. The Rocklin Unified  School District is not a customer of Aeries Hosted, which means we store our databases on our own servers rather than Aeries Software’s servers. The breach was discovered initially in late November, but Aeries software did not become aware of unauthorized data access until March of 2020. Aeries believed the incident was isolated.

On May 6, 2020, after further information from Aeries Software and in communicating with other schools using Aeries, we contacted Aeries support and asked for their staff to check our server logs to ensure our data had not been compromised. On May 11, 2020 Aeries support staff worked with our staff and did determine that unauthorized access of our data occurred on November 4, 2019.
 
There are active investigations going on into the breach of multiple districts on-premise servers and Aeries Hosted. State and Federal agencies are investigating and it is believed that the attacks have all been carried out by one entity and the perpetrators are currently in custody. Aeries has provided patches to prevent further access which we have applied to our servers.
 
 
What Information Was Involved
 
The information that was exposed are:
  • Student ID’s
  • Student Email Addresses
  • Student Passwords
  • Parent Email Addresses tied to a portal account
  • Parent Password Hashes tied to a portal account
 
What We Are Doing
 
On December 20, 2019 Aeries Software released updates to fix the vulnerability used in the attack. We applied these updates at the time they were released. We will be resetting all student passwords.
 
Rocklin Unified School District  will be enforcing stricter password security guidelines as an added precaution against the possibility of future such incidents.  All new passwords will employ the following guidelines:
  • Force Users to Change Passwords Every 6 months (minimum)
  • Days Prior to Expiration to Notify Users - 10 days (minimum)
  • Minimum Length: 8-16 Characters 
  • Require a Special Character
  • Require Letters and Numbers
  • Require Upper and Lower case
 
What You Can Do
 
While there is no evidence to suggest that your specific data was misused, out of an abundance of caution, we will reset the account passwords for all parents and students beginning Tuesday May 12, 2020
 
 
For More Information
 
For more information please email safedata@rocklinusd.org
 
Aeries Breach Parent Notification

Aeries Breach Parent Notification

The following letter was sent to RUSD Parents regarding the Aeries Data Breach