Several school districts have been affected by cyber attacks this year, and a number of them were breached by the same method: phishing aimed at employees’ W-2 forms. Typically, an attacker poses as an executive of the school, such as the superintendent, and sends crafted emails to HR or finance personnel requesting employees’ W-2s. Unfortunately, many people continue to be fooled by these emails, so attackers continue to use the method. A recent data breach at Powhatan County Public Schools in Virginia followed a similar pattern.
Details of the Attack
The data breach occurred on Monday, March 20th, and according to a school spokesperson, it exposed the W-2s of 905 employees of the school system. Superintendent Dr. Eric Jones wrote a letter to employees stating, “We are contacting you concerning a data breach that has occurred at Powhatan County Public Schools. A couple of hours ago a payroll employee responded to an Email Phishing Scam requesting employees’ W-2 forms. I was notified of this breach of data within the hour and we immediately began the process of notifying authorities and investigating steps to protect each of you. We sincerely apologize for this data security breach and the inconvenience that it may cause you and your family.”
Actions Being Taken to Mitigate the Breach
Unfortunately, W-2s contain a variety of personal information, and the exposed information would include name, address, Social Security number, gross income, and taxes and wages. Attackers can use this kind of valuable personal information for a variety of malicious purposes, such as identity theft or fraud. Jones recommended that employees place a fraud alert on their credit file before the hacker can open any accounts or change any accounts in the employees’ names. He also said that the school is “investigating credit monitoring and/or identity theft restoration services for our employees at no charge.”
The letter said that the school had filed a notice with the local police, the IRS, the Federal Trade Commission (FTC), and the FBI’s Internet Crime Complaint Center. The school also scheduled three question-and-answer sessions for those affected by the breach. Any organization needs to take many steps immediately after a data breach to recover from it as well as possible, and the school appears to be taking appropriate action to complete many of them. Improper handling of a data breach can have a wide variety of further disastrous consequences, so taking mitigating action is critical.
Protecting an Organization From Attackers with Threat Intelligence
Cyber attacks like the one above are more common than ever, and the use of modern technology comes with the risk of attackers. This is why proper security needs to be in place at all times. Given the current state of threats, organizations cannot afford complacency or negligence when it comes to cyber security. Threat intelligence feeds can help an organization proactively defend against threats before they have the chance to attack. Feeds relay intelligence about indicators and patterns of threats around the web, which organizations can then implement in their security systems and software to better defend against those threats. Massive Alliance can provide comprehensive threat intelligence feeds that give an organization the ability to better defend its networks and systems.