14 DAY TRIAL // Personal information of more than 1,000 employees of Provo City School District has been accessed by an unidentified party, who used phishing to breach the systems.
The total number of individuals affected is 1,037, which is about half of the people working for the Provo district, and they are all members of the school staff; no details about the students seem to have been exposed.
“Student information was not stolen, it was strictly employee information,” Caleb Price, communications coordinator at the educational institution told local TV station ABC 4.
It appears that the information exposed to the attacker(s) consisted of names, dates of birth and social security numbers, although other type of data could also be involved.
There is no information on the victim of the phishing attack, but it is clear that the institution needs to ramp up training for employees against this type of threats and have them make the difference between a valid email and a fraudulent one.
No evidence exists that the data accessed was actually copied and extracted from the storage system, but the risk of identity theft still exists until this can be confirmed with certainty.
Among the measures for better security is training employees to discern between a phishing attack and a valid message.