Teacher’s union president on Olympia School District data breach: ‘It happens’
Apr 13, 2016, 7:02 PM | Updated: Apr 14, 2016, 10:11 am
The social security numbers, addresses, names and salary information of 2,164 current and former Olympia School District employees have been released. (AP)
(AP)
Scam artists now have personal information on anyone who worked at the Olympia School District in 2015.
When a district staff member became the victim of a “phishing” scheme, social security numbers, addresses, names and salary information of 2,164 current and former employees were released.
The president of the district’s teacher’s union, Adam Brickell, said he’s upset but only to a degree. He says it’s easy to get access to email these days.
“It happens, and when our students make mistakes, it’s an opportunity to have that conversation and move forward with it. You could call it a teachable moment if you want to,” he said, with a chuckle.
Brickell said he’s heard from many anxious teachers, but he does believe the district is doing its best to manage the problem.
The scammers were able to “spoof” the district superintendent’s email and then proceeded to request the information. A staff member complied.
In a statement, district officials said they are “advising employees on protective measures.”
Brickell has already followed some of the district’s advice and put a fraud alert on his credit, but he says, ultimately, he’s more worried now about the interruption and all the new, heavy workload on staff at the district office.
“It’s distracting and it takes away from our work with kids,” he said.
This breach comes eight months after a new state law went into effect.
It’s the repercussion of a Premera/Blue Cross security breach that exposed personal information of 11 million customers. Premera, based in Mountlake Terrace, didn’t discover that cyber attack until six months after it happened.
The new state law requires companies to notify the state Attorney General’s office anytime there’s a cyber security breach impacting more than 500 people.
Those breaches are listed on the state AG’s website.
The law also makes sure businesses lets consumers know within 45 days if someone has accessed their personal information.
Here is the complete statement from the Olympia School District, issued Wednesday:
“We learned at the end of the work day yesterday that we had a district data breach. The ‘phish’ resulted in an outside entity ‘spoofing’ the email address of the superintendent.
The person posing as the superintendent requested via email a listing of employee names, addresses, salary information and social security numbers. The list included information for employees who received a W-2 form for the calendar year January 1, 2015 through December 31, 2015.
When learning that an outside entity “phished” our district for confidential information, we responded immediately by convening a team to discuss appropriate steps regarding potential impact on current and former employees.
In addition, we notified the Olympia Police Department, Internal Revenue Service, and the Washington state Attorney General’s office as required by law.
This morning we have been working with security experts, legal counsel, insurance carrier, and the district technology team regarding a number of issues associated with this breach of information. Our first priority is to ensure our employee’s personal data.
We understand the severity of this issue and are advising employees on protective measures.”
