Phishing Scam Leads to Data Breach at Olympia School District

A Washington school district became the latest information security breach victim.

by Lisa Pemberton, The Olympian (Olympia, Wash.) / April 14, 2016 0

(TNS) — The Olympia School District plans to offer its 2,164 employees free credit monitoring and identity theft resolution services in wake of a major data breach on Tuesday.

Officials in the 9,800-student district are also rethinking the way confidential information is handled, according to spokeswoman Susan Gifford.

"The district is re-examining its procedures and training," she said Wednesday afternoon.

An email — configured in a way to look as though it had originated from Olympia Superintendent Dick Cvitanich's school district account — was sent to an employee requesting a list of employee names, addresses, salary information and Social Security numbers, officials say.

A list with that information was released at about noon to the outside entity that had spoofed Cvitanich's account, Gifford said. It's a scam that's known as phishing; officials learned about the fraud late Tuesday afternoon, toward the end of business hours, Gifford said.

Between 5 and 7 p.m., officials notified Olympia Police, the Internal Revenue Service, the Attorney General's Office and the Federal Trade Commission, Gifford said. Officials sent an email to all of its employees at about 7:15 p.m.

"We understand the severity of this issue and will deploy a privacy expert to advise employees on protective measures," the email stated. "We will deploy a system for employees to monitor their finances."

Employees who received a W-2 form for the calendar year January 1, 2015, through December 31, 2015, were affected by the data breach, according to the letter.

Cvitanich sent another letter to employees on Wednesday morning, as well.

"This morning we have been working with security experts, legal counsel, insurance carrier and our own technology team regarding the number of issues associated with this breach of information," Cvitanich wrote. "Our first priority is ensuring the security of your personal data." Olympia Police Lt. Paul Lower said detectives will likely investigate the fraud case with the IRS, since it involved tax information.

"They did not get hold of students' information," Lower added.

Adam Brickell, president of the Olympia Education Association, a union that represents the district's teachers, said he felt officials were being "very proactive" in addressing the data breach. He said they acted quickly and had done an amazing job trying to mitigate potential harm for employees.

Brickell said he had been contacted by some teachers, and there was "a degree of anxiety, obviously."

"I think they have questions about how it happened," Brickell said. "I think it's going to be an opportunity for the district to heighten awareness about this and their policies and procedures about what is sent out, and how it's sent out."

©2016 The Olympian (Olympia, Wash.), distributed by Tribune Content Agency, LLC.