Olympia schools have explaining to do

A data breach involving Olympia School District employees showed us again this week that even educated people get spoofed in our Internet age.

Olympia police and district officials say that a school staffer provided lists of all 2,164 district employees to a third party who requested them by email on Tuesday.

The information included names, Social Security numbers, salary information and addresses.

The email requesting the data was made to look like that of Superintendent Dick Cvitanich. The data was sent to the requester about noon and the spoof — known as phishing — was discovered late in the afternoon.

Once the fraud was understood, the school district took good steps to control the damage.

Officials notified police, the Federal Trade Commission and the Internal Revenue Service in the early evening hours. They also sent an explanatory email to all employees at about 7:15 p.m. and pledged to give free credit monitoring and services to help resolve identity theft, if these are needed.

“We understand the severity of this issue and will deploy a privacy expert to advise employees on protective measures,” the email stated. “We will deploy a system for employees to monitor their finances.”

District spokeswoman Susan Gifford said the district “is re-examining its procedures and training.”

That also is a good move, if not a bit of understatement.

We can imagine the school employee hoodwinked by the scammers feels terrible — and embarrassed.

But how this error came to pass should be explained to the public.

Regrettably, data breaches are becoming a fact of life in our era and a boon for identity thieves. Also benefiting are credit monitoring companies that offer services to protect against the damage that a theft of personal data — in the worst case, identity theft — can inflict.

Businesses have had their share of losing financial data of customers to hackers. And governments at all levels are vulnerable.

Only last week, lawmakers in the U.S. House blasted the Obama administration over its slow response to questions about the theft of a laptop from a federal child-support office in Olympia. For reasons not yet explained, the personal laptop was used for child-support audits; it along with hard drives containing personal information for potentially 5 million people were taken.

Two men were taken into custody in connection with the laptop theft. We can hope for as much in the school theft, but the more important outcome is better prevention.

In that regard we can all learn from our local school house.



Leave a Reply

Your email address will not be published. Required fields are marked *