On February 24, 2021, Carmel Clay Schools in Indiana discovered suspicious activity involving employee email accounts. Their investigation revealed that there had been unauthorized access between February 15 – February 24.
It took the district, working with third-party forensic specialists, until August 31 to determine everyone who may have had personal information in the compromised accounts.
On September 20, letters went out to 15,817 people who had their personal information in those compromised email accounts.
The district’s notification to the Maine Attorney General’s Office and to those affected does not reveal whether everyone affected was an employee, or if some of those affected may have been students or parents, but the notification to the state says:
The information that could have been subject to unauthorized access includes name, address, medical information, and Social Security number.
Nor does there seem to have been any evidence of misuse by the time the district sent its notifications. But the district is offering those affected complimentary credit monitoring services.