-
Cardinals Reportedly Could Be Top Landing Spot For St. Louis Native, Future Hall Of Famer - 31 mins ago
-
Iranian Agents Plotted to Kill Trump, U.S. Says in Unsealed Charges - 33 mins ago
-
Mountain fire destruction shown in before-and-after satellite photos - 37 mins ago
-
Don’t Stifle AI With Regulation | Opinion - about 1 hour ago
-
Trump’s Win Shows Limits of Biden’s Industrial Policy - about 1 hour ago
-
USC President Carol Folt to retire in July - about 1 hour ago
-
Cowboys’ Mike McCarthy Offers Promising Update on Micah Parsons Week 10 Status - 2 hours ago
-
Beyoncé and Young Women Pop Sensations Lead 2025 Grammy Nominations - 2 hours ago
-
Our Kids Shouldn’t Be Silicon Valley’s Guinea Pigs for AI | Opinion - 2 hours ago
-
Beverly Hills High limits gatherings in wake of Trump celebrations - 3 hours ago
Ransomware hack leaves Glendale Unified staff waiting for tax returns
The IRS recently notified teachers, nurses, counselors and other faculty members in the Glendale Unified School District that they could not file their taxes this year because they already had — or at least somebody using their information did.
In December, the school district with more than 25,000 Los Angeles County students learned that it was the latest victim of a ransomware attack aimed at institutions that store sensitive data, but lack the same type of security standards of a large government agency. The attackers locked district employees out of their own system and demanded an undisclosed ransom for the safe return of their data, according to a district spokesperson. The data included employee and student names, addresses, dates of birth, Social Security and driver’s license numbers and financial account information, according to a letter sent to district employees reviewed by The Times.
In the ensuing months, the full extent of the breach emerged when district employees tried to file their federal and state income taxes but couldn’t because they’d already been filed fraudulently.
As of Friday, at least 231 union members have been impacted by the breach and many were required to verify their identity with the IRS to legitimately file their taxes, said Glendale Teachers Assn. union president Taline Arsenian.
“The [union] members are spending a lot of their time to clear this issue,” Arsenian said. “It’s very time-consuming when you get down to it.”
The first sign of a problem arrived in district inboxes on Dec. 6. In an email, the district asked employees and students to stay off their Chromebook laptops and not log in to their school accounts.
“After learning of the cybersecurity incident, GUSD immediately partnered with local law enforcement, outside cybersecurity experts, and the FBI to investigate its scope and assess the potential risk to our employees and students,” district spokesperson Kristine Nam said in an email.
Around the same time, Glendale Unified reached out to employees going back 20 years, or about 14,000 people, and notified them that they could potentially be impacted by the data breach, Nam said.
It’s unclear whether all the information compromised in the breach was accessed and posted to the darkweb, a part of the internet not accessible by traditional search engines, but often where stolen information can be found. But the district has offered one year of free credit monitoring and identity theft detection service for anyone who wants the service as a precaution regardless.
Still, some employees have not been satisfied with the district’s handling.
A current employee, who wished to remain anonymous for fear of retaliation from their employer, said the district has been slow to disclose information about the data breach.
“They’ve been so unclear about what happened. It’s been on a need-to-know basis,” the employee said. “The reality is that my information is out there and the damage could happen years from now.”
In contrast, when the second-largest school district in the country, Los Angeles Unified, was the target of a ransomware attack in September 2022, district administrators notified the public within days that they had partnered with the FBI, the Department of Homeland Security and local law enforcement to investigate the situation.
Glendale Unified, on the other hand, did not initially let district employees know about what was happening and information since then has been released as a “slow drip of updates,” the anonymous employee said.
In response to the criticism, Nam said Glendale Unified is “committed to being fully transparent with our community and providing employees, students, and families with as much information and support as possible. As is protocol in any cybersecurity incident, communications are dictated by law enforcement and the external cybersecurity team.”
In January, the district announced personal data on the school’s network was accessed in a ransomware attack, including some current and past employees and students. In late February, the district notified the California Franchise Tax Board about the data breach “after an employee reported concerns about their tax filing,” according to Nam.
On March 4, a district administrator sent out a districtwide email warning employee’s of the fraudulent activity. That administrator included the phone number and mailing address for the California Franchise Tax Board, along with a link to an IRS webpage to help protect against identity theft.
“At that point, it felt like the cat was already way out of the bag,” the anonymous employee said. “They have just been unhelpful through all of this.”
Though Nam said that no student information had been compromised in the breach, she acknowledged there could be a small handful of exceptions like paid student tutors whose financial information is in the school’s information system, after The Times provided a copy of a districtwide email that said data for some current and past employees and students was stolen.
“We do not have reason to believe that, in general, students’ personal information was compromised by the data breach,” Nam said. “If we identify that a student’s personal information was compromised for any reason, we would notify the student and parent/guardian directly.”
Clifford Neuman, director of the USC Center for Computer Systems Security, said if a ransomware attack gains access to someone’s wage and tax statement commonly referred to as a W-2, it’s a “treasure trove of information for someone looking to commit identity theft.”
But there is different information stored for an average student that is likely not the type of information used to fraudulently file taxes, Neuman said.
School districts are not necessarily a high-priority target for the type of people who would be behind a ransomware attack, but they’re relatively easy targets because they have so many vulnerabilities, Neuman said. The “attack surface” on a school district is larger than a bank’s, for example, because there are more people exchanging emails and documents through email in a school. Ransomware perpetrators understand that schools and hospitals are willing to pay a ransom to regain access to their systems because it’s valuable information and in the case of a hospital, potentially a life or death situation.
If someone were to trace where the Glendale Unified ransomware hack originated, it could be something as simple as someone on the district’s network visiting a website with an outdated web browser, Neuman said.
“It’s pretty hard to secure their systems against all of these types of instances,” he added.
For all the impacted employees in GUSD, Neuman expects the IRS would be held liable if they processed any fraudulent filings and sent a check to a fake address, not the school district.
“That takes a long time to straighten out,” Neuman said.
Arsenian, the union president, said that employees impacted by the fraudulent filings have been told they’ll have to wait three to six months for their income tax returns.
Source link