CA AB2355

Requires school districts, county offices of education, and charter schools to report any cyberattack affecting more than 500 pupils or personnel to the California Cybersecurity Integration Center.

Defines "cyberattack" as unauthorized alteration, deletion, damage, or destruction of computer systems or data, or unauthorized denial of access to legitimate users.

Mandates the California Cybersecurity Integration Center to establish a database tracking cyberattack reports and submit an annual report to the Governor and Legislature by January 1 summarizing cyberattack types, numbers, data breaches, and Center support activities.

Requires the Attorney General to share sample copies of data breach notifications from local educational agencies with the Center for report compilation, excluding personally identifiable information.

Repeals these requirements as of January 1, 2027.