Olympia School District faces data breach after large phishing scam
OLYMPIA, Wash. — OLYMPIA, Wash. -- A phishing scam that used a spoofed email address has exposed Olympia School District staff members' personal information, the district said.
More than 2,100 employees are affected including 630 teachers. Tuesday the district discovered someone was able to gain access to crucial information by posing as Superintendent Dick Cvitanich using the technique of 'phishing' or masquerading as a trustworthy entity.
In a statement the district said, "We learned at the end of the work day yesterday that we had a district data breach. The "phish" resulted in an outside entity "spoofing" the email address of the superintendent."
The fake E-mail requested the names, addresses, salary information and social security numbers of every employee. The first three items are readily available on the internet, but not social security numbers which can be used to access personal finances.
Olympia Education Association president Adam Brickell, "I was concerned about it because I knew there was going to be a lot of increased anxiety around this. And people are going to wonder how the district is going to respond."
The district said, "This morning we have been working with security experts, legal counsel, insurance carrier, and the district technology team regarding a number of issues associated with this breach of information. Our first priority is to ensure our employee's personal data."
The district is directing employees to the Federal Trade Commission's identity theft website and offering free credit reports and a credit freeze. The district says it is working on a system for employees to monitor their finances.
Brickell of the teachers' union, "I spent just a couple of minutes today putting a fraud alert on my credit. It took less than 5 minutes and I feel that's the best thing I can do right now moving forward."
While this affects hundreds of employees, it does not affect any of the students or their families.
The Olympia police department's computer fraud unit is trying to track down whoever sent the fraudulent E-mail and why they were able to get the information so easily. So far there have been no reports of anyone's finances being tampered with.
