An attacker used a phishing email to obtain personal identifiable information (PII) on thousands of employees of the Olympia School District in Washington.
How many victims? More than 2,100 employees, including 630 teachers.
What type of information? Names, addresses, salary information and social security numbers were all compromised.
What happened? On Tuesday, an attacker spoofed the email address of the District Superintendent Dick Cvitanich and sent a phishing email requesting the personal information of staff members employed during 2015. A school official said the information was sent to the outside party.
What was the response? The district is working with security experts, legal counsel, their insurance carrier, and the district technology team. The district notified the Internal Revenue Service, and the Washington State Office of the Attorney General as required by law. The Olympia police department fraud unit is also investigating the incident.
Details: No student information was affected. The district has instructed employees to use the Federal Trade Commission’s (FTC) identity theft website and is offering free credit reports and credit freeze. District officials are currently working on a system for those affected to monitor their finances.
Quote “Our first priority is to ensure our employee’s personal data,” district officials said in a statement. “We understand the severity of this issue and are advising employees on protective measures.”