The Olympia School District’s recent data breach included personal information for about 90 student workers, assistant superintendent Jennifer Priddy told the School Board on Monday night.
Most of those teen employees are tutors, according to Olympia schools spokeswoman Susan Gifford. Students also are paid to help manage school theater productions, she said.
Officials have been working with the students’ families on the data breach, and extra resources will be provided to the workers once they turn 18 and are eligible for credit monitoring services, Priddy said.
“This is a group that is typically underserved in our experiences with data breaches across the country ... so the tools (that) are being developed to address the need for this group are new and I think require a little more active management,” Priddy told the School Board.
On April 12, an email — configured in a way to look as though it had originated from Superintendent Dick Cvitanich’s school district account — was sent to an employee requesting a list of employee names, addresses, salary information and Social Security numbers, officials say.
A list with that information was released to the outside entity that had spoofed Cvitanich’s account, according to Gifford. It’s a scam that’s known as phishing; officials learned about the fraud a few hours after it happened.
Employees who received a W-2 form for the 2015 calendar year were affected by the data breach, according to a letter sent to the district’s 2,164 employees.
Employees have until July 31 to sign up for credit monitoring services that the district will provide.
Priddy told the School Board that the district is offering open lab times in its computer training rooms for employees to sign up for the two-year credit monitoring program, which includes free credit reports, suspicious activity alerts and identity theft insurance.
“We’re staggering the times so that all types of our employees can find a time that will work, when they are starting a shift or ending a shift, and we’re staggering the days,” she said.
After Priddy’s update, Cvitanich said officials are in the process of examining language in the district’s policies and procedures for handling sensitive information, but they’re also looking at ways technology could prevent future scams.
“No matter how hard you train, people make mistakes, and it’s hard to stay ahead of the people who do this (scamming) for a living,” he said.
Cvitanich said data breaches are becoming more widespread.
“We did learn I think today that another educational institution suffered the same fate,” he told the School Board. “And we feel badly for them, and we’re trying to serve as a resource for them as well.”