Federal investigators have warned the Atlanta Public School system that all 6,000 of its employees may have had their personal information compromised due to a phishing scam.
How many victims? Potentially 6,000.
What type of information? Data that enabled the hackers to redirect direct deposit salary payments away from the proper recipients to another bank account.
What happened? In late September a successful phishing attack on 27 school district workers enabled cybercrimals to effectively steal their weekly paychecks, totaling $56,459, while an additional seven staffers had their direct deposit information altered but did not lose their money. However, on October 3 federal investigators told school officials that they believe confidential information for all 6,000 employees also may have been compromised. The phishing attack that started the breach used malicious links and convinced the employees to offer up their login credentials.
What was the response? The Georgia Bureau of Investigation and the U.S. Secret Service are investigating the situation. The district will tell their workers to change their passwords and is communicating with them to explain what happened.
Quote: “[It] became apparent that confidential employee data was potentially exposed for all employees. Unfortunately, it is impossible for the district to see what the thieves actually accessed at this time, but it is apparent that the breach extends beyond the original employees whose direct deposit was impacted,” the district said in a statement.”
Sources: The Atlanta Journal Constitution