A school district in California fell victim to a phishing attack. Databreaches.net posted a letter from Carmel Unified School District. In the letter dated March 8, 2019, the District stated, “An outside individual sent a ‘phishing’ email to certain District employees that resulted in unauthorized access to some District email accounts.”
Unfortunately, one of those accounts included documents containing employee information such as social security numbers, spouses’ and dependents’ social security numbers, birth certificates, and some sensitive medical information. This type of attack could lead to a FERPA violation for the district.
“An outside individual sent a ‘phishing’ email to certain District employees that resulted in unauthorized access to some District email accounts.Those documents may have contained employees’ or dependents’ information.”
— Carmel Unified School District, March 8, 2019, letter to employees
Phishing Incidents Are Increasing
CI Security is seeing far more sophisticated phishing happening recently. That’s one of the reasons we use authentic Managed Detection and Response to limit the damage done by phishing. CI Security’s analysts are able to detect when an employee enters a password on an unencrypted site, a common phishing trick.
In a recent case, CI Security was able to catch a targeted phishing incident before the criminal did significant damage to a public agency.
If you’re interesting in knowing more about how to use authentic MDR to combat phishing, send us a note.