skip to main content
QUICK LINKS & RESOURCES

NutriLinks Data Breach Information

NutriLinks - NutriStatus Data Breach Information

NutriLinks - NutriStatus Data Breach Information

What Happened?
 
On September 17, 2020, we were informed by Rocklin Unified Parent that there was a bug in the NutriLink software that may allow unauthorized access to the NutriLink system.  The initial report was focused on NutriLink Databases where families can look up information on their student(s), which is accessible through our district website.  We immediately removed the access to the site as we confirmed the issue.
 
Following the steps provided, we were able to confirm the ability to access student information and reported it immediately to NutriLink.  
 
On September 17, 2020, after notifying NutriLinks, RUSD immediately notified the California Office of the Attorney General, as required by law.
 
On September 18, we were able to speak with NutriLink’s COO Brent England who verified they were able to fix the bug and remove the ability to gain access through the portal.  The issue was identified by their team and resolved quickly.  On September 23rd, RUSD was officially informed by NutriLinks President Michael Lobato of the extent of the access.
 
What Information Was Involved
 
The information that was exposed are:
  • Student Full Names
  • Student ID Numbers
  • Student Grade Level
  • Free or Reduced Lunch Status
  • Lunch Application Confirmation Number
 
What We Are Doing
 
On September 17, 2020, upon verifying the information Rocklin Unified School District contact NutriLinks to report the accessibility flaw and immediately removed the link from our website.  Rocklin Unified School District CTO Ryan Johnson reported the incident to the California Office of the Attorney General.
 
On September 18, 2020, NutriLinks COO Brent England confirmed the bug and reported the issue fixed.
 
On September 23, 2020, Rocklin Unified School District received confirmation from NutriLinks of the data that was exposed and began the notification process for our families.
 
Rocklin Unified School District will be enforcing stricter password security for all students grades 3 and up including a Self-Service Reset Password Module for families to Enroll and Change passwords.  This also gives families and students the ability to change forgotten passwords.
 
The following steps will be taken over the next week to ensure your student accounts continue to be safe and secure:
Student passwords will be reset in grades 3 and up.
 
Using a Self-Service Reset Password Module, SSRPM, families will be prompted to Enroll and Change their student's passwords.  This site will also allow students and families to change and recover passwords.
 
Students in grades Preschool - 2 will not need to change their passwords at this time.
 
What You Can Do
 
While there is no evidence to suggest that your specific data was misused, out of an abundance of caution, we will reset the account passwords for all students grade 3 and up over the next several weeks.
 
  • Go to our new Self-Service Reset Password Module to Enroll and Change Passwords
 
Rocklin Unified School Districts IT Department is in the process of creating an SSRPM site for families.  More details will be emailed to families as it becomes available.

The following links are provided to families as they reset their passwords and discuss privacy and security with their students at home:
 
  • Discussion Items for Password Security and Digital Security
 
Common Sense Media has some great resources for your family to discuss Privacy & Security with your student. 
 
You can also check out these 5 Tips for Families with younger children.
 
Use this guide to compare Weak vs Strong passwords with your students.


Once you recieve access to the new SSRPM site, please visit to Enroll and Change your student’s password as soon as you can.  We will be forcing a password change at that time for all student accounts grades 3 and up.

For help with this process, please call our Help Desk between the hours of 9 am and 11:30 am Monday through Thursday 916-672-3600
 
 
For More Information
 
For more information please email safedata@rocklinusd.org
 
NutriLinks - NutriStatus Data Breach Parent Notification

NutriLinks - NutriStatus Data Breach Parent Notification

The following letter was sent to RUSD Parents regarding the NutriLinks - NutriStatus Data Breach