School District Updates on Event: Victim Number Continues to Rise
Table of Contents
- By Steven
- Jan 08, 2024
Edmonds School District (ESD) is in south Snohomish County, Washington. The district involves 35 schools, including Brier, Edmonds, Lynnwood, and Woodway institutions. The faculty of these schools serve over 20,000 grade-school students, with nearly 1,300 teachers leading diverse learning environments. Almost a year ago, ESD noticed suspicious activity within their network; after an investigation, officials determined the cause was a cybersecurity event. The unauthorized actor acquired data from ESD’s network, and 12 months later, they released an update: 145,844 individuals may have data exposures.
How Did the Attack Occur?
The unauthorized actor entered ESD’s network environment and had the opportunity to view and steal information while within it. Whether the assailant achieved disruption of the network is unclear; ESD did not immediately have the resources to send notices to those impacted and did not obtain them until December 2023. The limitations might indicate that the criminal interrupted their network and severed data from their reach; otherwise, ESD did not have mailing information for everyone impacted by the breach until now.
What Information Was Viewed or Stolen?
The data stolen in this event differs between individuals, but the risks remain concerning. Some individuals may have had their names and SSNs exposed; others may have lost their addresses, financial account data, and employee ID numbers. Driver’s license numbers, dates of birth, student ID numbers, medical information, and student records may have had exposures, too. The information comes from students, staff, parents, and guardians. Consequently, guardians must act to protect their data and their child’s data from misuse.
How Did Edmonds School District Admit to the Breach?
According to the breach updates published on the Maine Attorney General’s website, investigations have concluded much about the event. The assailant entered ESD’s network around January 16th, 2023, and remained in it until around January 31st. On that day, officials noticed and responded to the threat. Investigations opened immediately, but ESD could not determine everyone who had data exposed by the event. Since the investigations opened, ESD has notified those impacted in May 2023, October 2023, and December 2023. Consequently, some victims may receive duplicate notices from this event.
What Will Become of the Stolen Information?
The criminals stole data in this event that they can misuse. They could use the data to inform their phishing plots or impersonate online acquaintances; identity, financial, and medical fraud are possible schemes. The criminals could sell the records online for immediate cash or store them for a later transaction. Moreover, now that the criminals have the data, they can use or sell it anytime—subsequently, victims must protect themselves.
What Should Affected Parties Do in the Aftermath of the Breach?
The information taken during this breach comes from students, parents, and staff; as a result, parents must take measures to protect their and their children’s data. Start by securing all online accounts and reviewing the profile elements of children’s accounts—enabling parental controls where necessary. Warn children not to respond or interact with strangers online, and then take steps to limit their potential outside interactions. Enable multi-factor authentications on all accounts possible, and never save passwords in the browser—use a password manager instead. Lastly, consider account monitoring services to watch over those accounts you use sparingly; they’ll notify you instantly of suspicious activities. Since the data is “out there,” securing it can be challenging, but professionals are there to help mitigate the consequences.