Olympia SD employees' personal information exposed in data breach

An email that appeared to come from a school official, but was actually a spoofed email address led to a data breach at the Olympia School District.

%

%

"The person posing as the superintendent requested via email a listing of employee names, addresses, salary information and social security numbers. The list included information for employees who received a W-2 form for the calendar year January 1, 2015 through December 31, 2015," said school district director of communications and community relations Susan Gifford.

Gifford said the breach affects 2,164 people and that the email address used was identical to that of the district's superintendent, Dick Cvitanich.

When the phishing scam was discovered, the district notified the Olympia Police Department, Internal Revenue Service and the Washington state Attorney General's office.

A district team has been working with security experts, legal counsel, its insurance carrier and the district’s technology team to deal with the breach.

“We understand the severity of this issue and are advising employees on protective measures,” Gifford said.

Adam Brickell, the president of the Olympia Education Association, said many of the teachers are anxious. Brickell himself was already a victim of a data breach suffered by Target last year.

“It’s really unfortunate. The access to email and technology is so great in so many ways, but there’s also this other side of it that makes it really challenging at times,” Brickell said.

He said the district has been handling the situation well, notifying staff of what can be done.

Gifford said the district would provide free credit monitoring services. She added that they would be re-evaluating their procedures and training.

“Here’s a teachable moment. Here’s a chance to look at what we’ve done, and see how to move forward with it,” Brickell said.

Cox Media Group