California Gov. Newsom signs K-12 cyber reporting bill

California Gov. Gavin Newsom signed legislation requiring school districts and local education boards to report cyberattacks to the state.
Gavin Newsom
California Gov. Gavin Newsom (Justin Sullivan / Getty Images)

California Gov. Gavin Newsom last week signed a bill requiring grade schools to report cyberattacks and other breaches to the state’s cybersecurity team.

The new law encompasses K-12 districts, county education boards and charter schools, requiring those organizations to report any incident that affects at least 500 students — or other individuals — to the California Cybersecurity Integration Center, a multi-agency security operations center in Sacramento. It’ll also order the center — which is run by the California Office of Emergency Services, in conjunction with the California Department of Technology, California Highway Patrol and National Guard — to create a registry of cyberattacks reported by local education systems.

California lawmakers approved AB 2355, introduced by Assemblymember Rudy Salas, a Central Valley Democrat, on Aug. 25. A few weeks later, the Los Angeles Unified School District — the nation’s second-biggest K-12 system, with roughly 665,000 students — reported suffering a ransomware attack. That incident, which has been attributed to the Vice Society group, resulted in the district’s board granting Superintendent Alberto Carvalho emergency spending powers as it continues recovering.

Salas’ office did not reply to requests for comment.


California law currently requires state agencies and private companies to report breaches affecting more than 500 individuals to the California Cybersecurity Integration Center.

Several other states in the past few years have created new cyber incident reporting requirements, including Indiana, New Hampshire, North Carolina and Virginia.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts