Cleveland Metropolitan School District, (“CMSD”), recently discovered an event that that may affect the security of personal and financial information of a select group of employees, students, their guardians, and/or other affiliates of CMSD.
What Happened? On March 6, 2017, CMSD determined that certain categories of employee, student, and/or guardian information contained in a limited number of CMSD employee email accounts may have been accessed by an unknown and unauthorized individual. By way of background, on January 13, 2017, CMSD received information that suspicious IP addresses had been detected accessing the CMSD computer network. Further investigation revealed that spoofed emails were sent to district employees directing them to click on a fraudulent link and enter their CMSD credentials.
CMSD learned that after employees entered their credentials, unknown and unauthorized actor[s] used those credentials to access affected employees’ CMSD email accounts or other electronic information. After hiring an outside computer forensics expert and conducting a comprehensive forensic investigation, CMSD was able to identify the individuals whose information was contained in the affected employees’ email accounts.
What Information Was Involved? On March 6, 2017, CMSD determined that the following categories of employee, student, and/or guardian information were contained in one or more of the affected CMSD email accounts and may have been accessible to the unauthorized actor[s]: name, Social Security number, driver’s license number, medical record number, and/or medical history. Please note, that CMSD is not aware of any attempted or actual misuse of the personal information contained in the email accounts.
What We Are Doing. We take this incident, and the security of information in our care, very seriously at CMSD. Since the original incident occurred on January 13, we have been diligently investigating, with the assistance of third-party forensic experts, and have taken steps to further enhance the security of our systems to better protect against future incidents of this kind. In addition, we are mailing written notice of this incident to all potentially impacted individuals for whom we have contact information, along with the same information contained below, entitled “Steps You Can Take to Protect Against Identity Theft and Fraud.” We are also reporting this incident to the U.S. Department of Health and Human Services and posting notice of this incident on our website at www.clevelandmetroschools.org.
What You Can Do. CMSD is encouraging employees, students, and their guardians who believe they may be affected as a result of this incident to review the below “Steps You Can Take to Protect Against Identity Theft and Fraud,” and to call our confidential toll-free hotline at 888-752-4096, Monday through Friday, 9:00 a.m. to 9:00 p.m., E.D.T. or visit online at www.clevelandmetroschools.org.
CMSD sincerely regrets any inconvenience or concern this incident has caused. Below are “Steps You Can Take to Protect against Identity Theft and Fraud,” should you have concerns regarding the security of your protected health information or personal information.
SOURCE: Cleveland Metropolitan School District
So, the original Jan 13 incident was reported here: http://www.news5cleveland.com/news/cleveland-metropoltian-school-district-teachers-experience-email-scam-resulting-in-paycheck-hack. This disclosure (in your post) seems rather ambiguous and suggests a second follow-on breach, related to but different from the first. If so, among other questions, one wonders whether CMSD forced a password reset after the first breach…