Ƶapp

Cyber Communications

Dear Ƶapp Unified Community,

As you are aware, our district joined an ever-growing number of U.S. school districts that have been targeted by cybercriminals when we experienced a sophisticated cybersecurity incident at the end of January. From the earliest moments of this incident, our team committed to providing updates as quickly as possible. In the spirit of full transparency and timely communication, we wanted to ensure that we are doing all that we can to provide you with the latest progress on this incident.

Recently, an external team of experienced cyber security professionals finalized an extensive review of documents and files containing personal information that were potentially accessed and/or acquired. The comprehensive nature of the investigative review of these files required a one by one review of approximately one million individual records over the past several months.

As this process has now concluded, the investigation identified approximately 29,000 people who had personal information potentially accessed and/or acquired. At this time, we are finalizing individual notification letters to those 29,000 potentially impacted people. The letters will list what personal information was identified during the investigation.

As a district, we are intent on continuing to support those whose information was potentially accessed and/or acquired. The individual notification letters provide the best guidance on steps that can be taken to protect against potential fraud. In addition to providing the individual notifications, we have set up a call center to help answer any questions you may have.

Maintaining the privacy and security of the personal information of those connected with TUSD is of the utmost importance to us, and we continually evaluate and modify our practices to enhance its security and privacy.  I want to express my appreciation for your patience and support during this unprecedented cyber incident on our community as well as to extend our apologies for the inconvenience, stress, and anxiety the incident may have caused you and your loved ones. 

Sincerely,

Dr. Gabriel Trujillo
Superintendent

Frequently Asked Questions

As a result of a sophisticated cybersecurity incident, TUSD discovered that an unauthorized actor accessed portions of their network.

Upon learning of this issue, TUSD contained the threat, notified law enforcement and commenced a prompt and thorough investigation with external cybersecurity professionals experienced in handling these types of incidents. After an extensive forensic investigation and manual file review, we discovered on July 21, 2023 that the files that were potentially accessed and/or acquired on or around January 20, 2023 contained some personal information.

Yes, the letter is from Ƶapp Unified. We can assure that the letter is legitimate, the California address is the mail center’s return address.

TUSD wants to make you aware of the situation and provide you with guidance on how you can protect yourself.
If you received this notification, it is because you are either a current or former student and/or employee of TUSD.
There has been no delay in notification. Upon learning of this issue, TUSD contained the threat, notified law enforcement and commenced a prompt and thorough investigation with external cybersecurity professionals experienced in handling these types of incidents.  After an extensive forensic investigation and manual file review, we discovered on July 21, 2023 that the files that were potentially accessed and/or acquired on or around January 20, 2023 contained some personal information. Thereafter, TUSD worked to provide notice to potentially affected individuals as quickly as possible.
Not necessarily. At this time, we have not received any reports of misuse of data. Nonetheless, out of an abundance of caution, TUSD wants to make you aware of the incident and let you know that it continues to take significant measures to protect your information.
TUSD is not proactively calling, texting or emailing customers to ask for personal information of individuals related to or impacted by this security incident.

If you have provided personal information over the phone or clicked on the links in a fraudulent email, we recommend reviewing the information contained in the notification letter you received that discusses ways in which you can take steps to protect your information.
A limited number of individuals who were notified.
Your notice letter describes what information of yours was involved. Please refer to the “What Information Was Involved” heading in your letter.
Not necessarily. At this time, we have not received any reports of misuse of data. Nonetheless, out of an abundance of caution, TUSD wants to make you aware of the incident and let you know that it continues to take significant measures to protect your information.
Credit or debit information was not involved in this incident. Nonetheless, TUSD recommends that you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.
Upon learning of this issue, TUSD contained the threat, notified law enforcement and commenced a prompt and thorough investigation with external cybersecurity professionals experienced in handling these types of incidents.  After an extensive forensic investigation and manual file review, we discovered on July 21, 2023 that the files that were potentially accessed and/or acquired on or around January 20, 2023 contained some personal information.
If you did not receive a notice letter and you think you may be impacted, you will need to contact the call center at 888-898-1444 and provide your full name and they will confirm whether your information may have been compromised as a result of this incident.
At this time, we have not received any reports of misuse of data. Nonetheless, out of an abundance of caution, TUSD wants to make you aware of the incident and let you know that it continues to take significant measures to protect your information.
TUSD suggests you consider taking the following steps:
  • Enroll in the credit monitoring services offered at no cost to you.
  • You should always remain vigilant in reviewing your financial and credit/debit card account statements for fraudulent or irregular activity on a regular basis.
  • You may consider placing a fraud alert and/or security freeze on your credit file.
  • You may order a free credit report.
  • If applicable to you, you should follow the general practices provided in your notice letter that can help protect you from medical identity theft.
TUSD provided notice via U.S. Mail to all those potentially impacted. If you did not receive a notice letter and you think you may be impacted, you will need to contact the call center at 888-898-1444 and provide your full name and they will confirm whether your information may have been compromised as a result of this incident.

 
If applicable and included within your notice letter, TUSD is offering credit monitoring through TransUnion.
Website and Enrollment. Go to the and follow the instructions for enrollment using your Enrollment Code provided at the top of the letter.

Activate the credit monitoring provided as part of your IDX identity protection membership. The monitoring included in the membership must be activated to be effective. Note: You must have established credit and access to a computer and the internet to use this service. If you need assistance, IDX will be able to assist you.
 
Unfortunately, TUSD cannot register for you. You must enroll yourself online (or over the phone) using the Activation Code in your notice letter if you received one.
You can sign up for this service anytime using the Activation Code listed in your notification letter.
A fraud alert tells creditors to contact you personally before they open any new accounts.
Frequently Asked Questions
In order to place a fraud alert, you will need to call any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts).  Alternatively, you may file the Fraud Alert online.  to the Experian fraud alert home page.

Equifax
P.O. Box 105069
Atlanta, GA 30348

(800) 525-6285

Experian
P.O. Box 9554
Allen, TX 75013

(888) 397-3742
TransUnion LLC
P.O. Box 2000
Chester, PA 19016-2000

(800) 680-7289

An initial fraud alert lasts one year and it is free.
No. A fraud alert will not stop you from using your credit cards or other accounts.
Yes, but the verification process may be more cumbersome. Potential creditors will receive a message alerting them to the possibility of fraud and that creditors should re-verify the identity of a person applying for credit.
If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no cost to you.  A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies.  To find out more on how to place a security freeze, you can use the following contact information:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348

(800) 349-9960
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

(888) 397-3742
TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094

(800) 916-8800

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information.  After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password.  Keep the PIN or password in a safe place.  You will need it if you choose to lift the freeze.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name, or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside.

If you do place a security freeze prior to enrolling in the credit monitoring service as described above, you will need to remove the freeze in order to sign up for the credit monitoring. After you sign up for the credit monitoring service, you may refreeze your credit file.
Promptly call your local law enforcement agency and file a police report. Get a copy of the police report, as many creditors will want the information it contains to absolve you of fraudulent debts. You may also file a complaint with the or reach the FTC at 1-877-IDTHEFT (1-877-438-4338) or 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcers for their investigations.
Yes. The credit bureaus will indeed ask for your Social Security number and other personal information to verify your identity and avoid sending any credit report or correspondence to the wrong individual. However, TUSD cautions against you providing any information to any entity or person contacting you directly asking for your personal information.
Under federal law, you are entitled to one free credit report every 12 months from each of the three major nationwide credit reporting companies. Call 1-877-322-8228 or request your . Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
Yes. If you have lost your notification, you will need to contact the call center at 888-898-1444 and verify your information to receive a replacement notification letter.
Credit or debit information was not involved in this incident. If you see a fraudulent charge on your payment card, you should immediately contact the bank, credit union or other financial institution that issued your card. The phone number to call can be found on the back of the card. If reported promptly, major credit card companies typically guarantee cardholders will not be responsible for fraudulent charges.
No, this is a separate and unrelated incident. We have no information at this time that our District has been impacted by the MoveIT incident.
 
Unfortunately, TUSD is not in a position to provide any legal advice related to the incident.
If a further update is warranted, TUSD will provide one accordingly.
Please provide your name and contact information and a representative will contact you with information you can use to protect the estate.
Please provide me with your full name and contact information and we will have a representative contact you within at timely manner during business hours.
Thank you for your inquiry. Unfortunately, I’m not the best person to respond to your questions. But if you provide me with your contact information and deadline, I’ll be happy to pass your inquiry along to the appropriate contact and have them get in touch with you. Can you please provide me with your:
  • Name
  • Media outlet
  • Contact information (both phone and email)
  • Nature of inquiry
  • Deadline
Thank you so much – I appreciate it. I’ll pass this along now, and we’ll have someone get in touch with you promptly.

IF PRESSED FOR ADDITIONAL INFORMATION: I’m sorry, but I’ve given you all the information I have at this time and will need to have a spokesperson follow up.