Ransomware hack leaves Glendale Unified staff waiting for tax returns

/in


The IRS recently notified teachers, nurses, counselors and other faculty members in the Glendale Unified School District that they could not file their taxes this year because they already had — or at least somebody using their information did.

In December, the school district with more than 25,000 Los Angeles County students learned that it was the latest victim of a ransomware attack aimed at institutions that store sensitive data, but lack the same type of security standards of a large government agency. The attackers locked district employees out of their own system and demanded an undisclosed ransom for the safe return of their data, according to a district spokesperson. The data included employee and student names, addresses, dates of birth, Social Security and driver’s license numbers and financial account information, according to a letter sent to district employees reviewed by The Times.

In the ensuing months, the full extent of the breach emerged when district employees tried to file their federal and state income taxes but couldn’t because they’d already been filed fraudulently.

As of Friday, at least 231 union members have been affected by the breach and many were required to verify their identity with the IRS to legitimately file their taxes, said Glendale Teachers Assn. union president Taline Arsenian.

“The [union] members are spending a lot of their time to clear this issue,” Arsenian said. “It’s very time-consuming when you get down to it.”

The first sign of a problem arrived in district inboxes on Dec. 6. In an email, the district asked employees and students to stay off their Chromebook laptops and not log in to their school accounts.

“After learning of the cybersecurity incident, GUSD immediately partnered with local law enforcement, outside cybersecurity experts, and the FBI to investigate its scope and assess the potential risk to our employees and students,” district spokesperson Kristine Nam said in an email.

Around the same time, Glendale Unified reached out to employees going back 20 years, or about 14,000 people, and notified them that they could potentially be affected by the data breach, Nam said.

It’s unclear …

Source…