Cuesta College officials and investigators are keeping a tight lid on the details of a May data breach at the college.
So far, both declined to comment on the scope of the breach, in which a college employee transmitted personal information from Cuesta’s employee database to a personal email.
“It’s an active part of an investigation and a personnel matter,” Lauren Milbourne, a spokesperson for the college, told New Times.
The incident occurred May 31, according to a letter sent to Cuesta employees. The letter stated that an unnamed employee gained unauthorized access to employee’s personal data, including names, email addresses, home addresses, telephone numbers, and even social security information.
“There is no indication that your specific information was targeted,” the letter reads. “Additionally, the district is not aware whether that information was shared with any third parties, nor is the district aware of any intent to use your information for any unlawful purpose.”
The letter didn’t reveal the number of employees whose data was accessed. Milbourne said she couldn’t comment on the number of employees. She also couldn’t say whether or not the employee responsible was still employed by Cuesta, but confirmed that the employee had access to the data as part of their job.
“This wasn’t a hacking, but a misuse of information,” she said.
A copy of the letter was also sent to the California Department of Justice. The department confirmed that it received the letter, but wouldn’t elaborate on whether or not it was assisting with an investigation.
“To protect the integrity of our investigations, we do not confirm or deny the existence of an investigation,” DOJ Spokesperson Mariah Craven wrote in an email to New Times.
Officials from the San Luis Obispo County District Attorney’s Office confirmed that the Cuesta College Police asked for assistance in the investigation.