Allison Ross reports:
North Oldham High School is alerting 2,800 current and former students that a data breach earlier this month could have exposed their names, social security numbers and other personal information.
On Sept. 10, an outside scammer breached a computer after a nutrition services staff member at the school “ended up at a website that wasn’t the site she intended to be on,” said Oldham County Schools spokeswoman Tracy Green.
On that computer was a database that contained the names, telephone numbers, addresses, social security numbers and date of birth of both current and former students at the school, Green said. She did not say exactly what the database was for.
A district investigation was unable to determine whether the computer intruder accessed that particular database, Green said.
Read more on The Courier-Journal. It sounds like the district is trying to avoid recurrences by removing sensitive information from the database, ensuring other databases are encrypted, and unnecessary sensitive information is deleted. District IT personnel were also reminded to share information with staff about phishing schemes.
All that said, I think it would be helpful if the school district shared the phishing email so that other employees in the district – and employees in other districts – could be aware of it and not fall for it. Was this spear-phishing or was the employee using their work computer for personal email and fell for another phishing attempt?