You won’t believe what I’m about to share. One of our friendly states across the pond over in Utah, USA, recently experienced a massive data breach within its Granite School District, with some old employees feeling quite miffed about the whole response process.
I bet your heart just dropped, right? Mine did too! Imagine thinking you’re minding your business, then out of the blue, Rhysida, a group that’s about as enjoyable as a cold cuppa, hits you with a whopping 2.4 terabytes of stolen data. Talk about a shocker!
Around mid-September last year, the district identified some odd goings-on in its network, eventually discovering unauthorized access to some of its computer systems. At first, they didn’t know who was behind it, but the cat was out of the bag when Rhysida claimed responsibility early November.
So, let’s do some quick maths here. That’s a good few weeks since the district learned about the attack, and yet, we’re still left wondering what type of information got nicked. The frustration is palpable, especially for the ex-employees who feel left out in the dark.
What really twists the knife though, is that it wasn’t until mid-December, almost two months after the breach, that the district admitted that every student was affected – both the old guard and fresh faces just starting their journey. We’re talking names, addresses, phone numbers, health records, grades, and even social security numbers in some cases. As if navigating the world of academia wasn’t challenging enough!
And friends, the news wasn’t much better for the employees. Initially, the district claimed that only current employees were affected. Not quite the case, as it turns out. And to add insult to injury, it’s been more than a month since Rhysida bragged about the attack, and the district still hasn’t clarified the situation properly for previous employees or the family members of current or former employees.
Take the case of Sheri Harris, a former employee who found out about the breach through a mate’s Facebook post. Can you believe that? One minute, she’s probably chuckling at a meme, the next she’s frantically cancelling her main bank account. Talk about a shock to the system.
Despite all this, the district seemed committed to identifying and supporting affected former employees, which is comforting, I suppose. However, they’ve left the actual effort of letting ex-employees know to current ones, which feels a bit like shifting the blame if you ask me.
And if you think that’s all, hold onto your tea, dear reader, because it gets worse. According to an anonymous old boy who reached out to DataBreaches, the district’s early claims of no former employees or dependents being affected was a load of codswallop. It turns out the stolen data included information dating back to 1999, including records of old-timers and loads of information about students dating back to the ’80s.
So after all is said and done, my good fellows, the moral of this ghastly tale begs us to remember something quite basic. In an ever-growing digital world, prioritising proactive security protocols isn’t just a good idea, it’s an absolute necessity. Otherwise, you might have a situation as messy as this poor Utah school district on your hands, and let’s just say, it’s not a spot of bother one would fancy dealing with.
by Parker Bytes
