North Oldham High School is the target of a data breach that has potentially exposed the names, social security numbers along with other personal information of 2,800 former and current students.
A malicious attacker and spammer breached a computer located within North Oldham High when a nutrition services staff member fell for a phishing scheme and accessed a website laced with malware. The school is currently in the process of alerting nearly 3,000 students who are likely to be affected by the breach, according to WBRB news.
Tracy Green, a spokeswoman for Oldham County Schools, revealed that the breach occurred on September 10 when the staffer “ended up at a website that wasn’t the site she intended to be on.”
As it turned out, the computer from where the malware-ridden website was accessed contained information of 2,800 current and former students. The breach of data included:
- Social security numbers
- Telephone numbers
- Date of Birth and more
“A staff member who uses the computer noticed that something was wrong with her computer, she called the school technology coordinator and the coordinator found that there was an issue and notified the district,” spokeswoman Green said.
Related article: California State University Breach Impacts 79,000 Students
A letter was sent out to students of North Oldham High, communicating the news of the breach to them. It read:
“Dear North Oldham High School student:
We are contacting you because we have learned of a data security incident that occurred on Sept. 10, 2015, that may have involved some of your personal information. We do not have evidence at this time that personal information was accessed but we also cannot say definitively that it was not.”
The letter, in its entirety, can be found here.
Additionally, the letter also confirmed that credit card details and other contact information were not a part of the breached database.
Furthermore, the letter adds that Oldham County Schools have advised “three major U.S. credit reporting agencies” about the incident while withholding any personal information of possible victims from the agencies.
In light of the incident, Green noted that Oldham County Schools is reviewing other databases storing sensitive and personal information to ensure the information is encrypted.
“This can happen any day, to anybody,” Green added. “It’s not an uncommon kind of scam.”
The district has set up a dedicated email address for questions regarding the incident: DataSecurity@oldham.kyschools.us