DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Granite School District breach worse than the district has revealed — former employee (1)

Posted on December 17, 2024December 21, 2024 by Dissent

Some former employees of Granite School District in Utah are reporting frustration and anger with the district’s incident response to an attack by the Rhysida group. One has written up what he found when he examined the publicly leaked data.

On September 20, 2024, Granite became aware of suspicious activity on its network.  An investigation determined that between September 11 and September 25, 2025, an “unknown, unauthorized actor” gained access to certain computer systems and accessed and/or acquired files stored on those computer systems.

By now, however, the district knows that their attackers are known as “Rhysida” because on November 9,  Rhysida publicly claimed responsibility for the attack and dumped what they described as 2.4 TB of data with  7,481,051 files. A note on Rhysida’s darkweb leak site claims, “All files was uploaded to public access, data hunters, enjoy” (sic).

More than one month later, does the district know what types of information are in the publicly available leak? Former employees want to know why the district hasn’t disclosed more about how they may be affected.

Students Affected

Before this past week, the district had not publicly disclosed that all students were affected by the breach. A December 13 notice and FAQ on the district’s site now states, “Unfortunately, all student records were accessed. This includes all current and former Granite School District students.” Parents of affected students are reportedly being notified by email that the types of student information included name, address, phone number, any associated health information, grades and assessment results, and in some cases, SSN. The FAQ does not mention that parent or guardian information might also be included.

Employees Affected

The district had previously reported that only current employees were affected. That was incorrect. Over time, their disclosure has changed, but more than one month after Rhysida revealed the attack, the district still has not completed its assessment concerning former employees or dependents and family members of current or former employees.

In an FAQ for employees that was most recently updated on November 27, 2024, the district writes:

Does this breach include the SSN’s of employee dependents on our insurance as well?

Our data mining investigation thus far discovered that payroll information had been stolen. That information did not contain information about dependents or spouses.

Is there any concern that our family members’ information may have been included as well (e.g., if our family is on our district-provided insurance)?

Our data mining efforts show no indication that any family members’ information was part of the data breach. If we uncover anything, we will communicate it promptly.

According to a former employee, those statements by the district are inaccurate, as reported later in this post.

How far back does the breach go so former employees can also take the necessary actions?

At this stage, we have determined that employees’ bank account numbers were compromised back to 7/1/2020. There may be other employees who had additional personally identifiable information (not bank accounts) compromised back further, we are still in the process of determining the extent of that information. No employee’s family members’ personally identifiable information (PII) was compromised as part of this payroll information breach.

As Fox News reported, former employee Sheri Harris didn’t realize she was potentially affected by the breach until she saw a former co-worker’s Facebook post about it last week. She had received no notification whatsoever. Harris said the security breach forced her to cancel her main bank account that she’s had for 20 years, but it’s not clear from the news report if she canceled it as a precaution or if she canceled it because she had spotted some possible fraudulent use of the account. It was her main account and used to pay bills, so the impact has been time-consuming and anxiety-producing, she says.

The district’s most recent breach update of November 27 has this in the FAQ:

How are former employees being notified?

We are still data mining to determine which former employees have been impacted.  We are working with our insurance company, which will provide a call center and mailing service for former employees to receive information and support. We are working on determining and providing the addresses of all former employees so they receive notification.  If current employees know former employees who were employed after 7/1/2020 but are no longer with Granite, please help alert them to the district information link and this FAQ.

Has the district issued any actual press releases distributed to local media outlets to get the word out to former employees that they may be affected by the breach?

A Former Employee Digs Into the Data Dump

Harris is not the only former employee to express concern. On December 11, DataBreaches received an email from a frustrated and angry former employee. He informed DataBreaches that he had already determined that the district’s early claims about no former employees being affeced was inaccurate, and their claims about no dependent or family members being affected was also inaccurate. Keeping in mind that the following was written before the district’s updated FAQ to students and parents on December 13 but after the last update of November 27 to employees, the former employee wrote to DataBreaches:

The school has publicly reported that only current employee payroll data was in the breach and that it does not include dependents or spouses SSNs etc. The data breach actually includes payroll data dating back to 1999 and DOES include employees who are retired or no longer there. I have verified this with someone who I know who retired years ago and their information was in the breach. The data also includes SSNs and other information for spouses and dependents.

Aside from this, payroll data appears to be a small part of the breach as a majority of the breach appears to be student records, some dating back to scanned copies from the 1980s. Many of these records include student social security numbers / socialsecurity cards / passports etc. The student records include:

  • Student transcripts
  • Student enrollment / transfer etc records
  • Student immunization records
  • Student report cards
  • Student referral to services
  • Student birth certificates
  • Court documents involving guardianship records of students
  • Police records involving students and internal investigations
  • Student visa/immigration documents
  • Adult education records including copies of driver’s licenses and/or social security cards
  • In some cases parent driver’s license / social security cards / passports etc where they have been asked for these to confirm
    identity.

Note that DataBreaches’ correspondent reported all this on December 11 — two days before Granite’s update for students and parents, and even when Granite now reported that all students were affected, they did not disclose the range of personal or parental information that was accessed.  The correspondent’s email also contained significant information of interest to former employees as well as spouses and dependents that has not been revealed or confirmed by the District as yet.

DataBreaches did not go through the data leak to attempt to validate all of the former employee’s claims.

“I understand that the school needs time to go through the files,” he wrote, “however, it took me approximately 3 hours to determine that the breach included all payroll back to 1999, had dependents / spouses, and mostly consisted of student records. I believe they should be reporting the extent of the breach.”

As of this morning, he has still not been notified by the district.

Update of 12/21/2024:  450,000 students.

Category: Commentaries and AnalysesEducation SectorHackU.S.

Post navigation

← Sensitive data leaked after Namibia ransomware hack
Securities and Exchange Commission Settles Charges Against Flagstar for Misleading Investors About Citrix Data Breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Masimo Manufacturing Facilities Hit by Cyberattack
  • Education giant Pearson hit by cyberattack exposing customer data
  • Star Health hacker claims sending bullets, threats to top executives: Reports
  • Nova Scotia Power hit by cyberattack, critical infrastructure targeted, no outages reported
  • Georgia hospital defeats data-tracking lawsuit
  • 60K BTC Wallets Tied to LockBit Ransomware Gang Leaked
  • UK: Legal Aid Agency hit by cyber security incident
  • Public notice for individuals affected by an information security breach in the Social Services, Health Care and Rescue Services Division of Helsinki
  • PowerSchool paid a hacker’s extortion demand, but now school district clients are being extorted anyway (3)
  • Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The App Store Freedom Act Compromises User Privacy To Punish Big Tech
  • Florida bill requiring encryption backdoors for social media accounts has failed
  • Apple Siri Eavesdropping Payout Deadline Confirmed—How To Make A Claim
  • Privacy matters to Canadians – Privacy Commissioner of Canada marks Privacy Awareness Week with release of latest survey results
  • Missouri Clinic Must Give State AG Minor Trans Care Information
  • Georgia hospital defeats data-tracking lawsuit
  • No Postal Service Data Sharing to Deport Immigrants

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.