Spectrum News reports:
The Williamsville Central School District says it was the victim of a cybersecurity breach in December.
The district says a limited number of spam emails containing potential malicious links were sent to parents by an unauthorized user.
The district says the State Education Department was immediately notified and the incident was resolved within a few hours.
The superintendent says nearly 160 emails contained potentially sensitive student information, but an outside forensic team investigating the breach believes it’s unlikely that data was stolen.
Read more at Spectrum Local News.
There does not appear to be any notice on the district’s website. So what has the district learned about how the bad actor obtained access? Was it a phishing incident? Re-use of credentials by an employee across sites? Something else? And although it was “unlikely” that data was stolen, will the district notify parents or offer any services?