the Olympia School District logo, a line drawing of the capitol dome with the Letters O, S, and D at the base

Olympia

School District

1113 Legion Way SE
Olympia, WA 98501
Office: (360) 596-6100

OSD Data Breach (April 12) - Staff Information

Included below are communications that have come from the Olympia School District relating to the recent data breach. Each of these communications are listed in chronological order, with most recent being listed first. We will continue to update this page anytime additional communications are sent out so that every resource that we have available is listed here.

Additionally, we have compiled a list of commonly asked questions and answers that will be updated as we gather more information. You may access that list here

Should you have any questions please contact the OSD Communications Department at (360) 596-6103, and we will do whatever we can do answer any questions you have.


Friday, July 15, 2016

Good afternoon,

We want to remind you that July 31, 2016 is the deadline for current and former employees affected by the April 12 Olympia School District data breach to sign up for Experian credit monitoring services. If you have not yet signed up for this service, please do so by the July 31 deadline. Our records as the end of June indicate you have not yet signed up for credit monitoring.

The following are some helpful tips when signing up for Experian’s ProtectMyID Elite credit monitoring:

  • As your first step, you need to type the URL to the Experian enrollment website into the address bar in the box at the top of the browser page on your computer. Do not search for this in the Google “Search” bar, which is toward the middle of the browser page. The URL to type in the box at the top of the page is https://www.protectmyid.com/enroll
  • Remember to use your personal email address when signing up for the credit monitoring services.
  • If you encounter any problems in enrolling in the identity protection services online or over the phone because you have little or no credit history, please contact Tricia Kelley at (360) 596-6126 or tkelley@osd.wednet.edu. We will have an Experian representative contact you directly to assist with the enrollment process.

Reimbursement form

If you placed a credit freeze on your account between April 12, 2016 and May 5, 2016, the district will reimburse you for this expense. If you have placed a credit freeze on your account and would like to lift the credit freeze, the district will pay for the credit freeze to be lifted by July 31, 2016. To receive reimbursement, you must apply for reimbursement by August 5, 2016. The document is also available by clicking this online link.

Thank you,

Communications and Community Relations Team


Wednesday, May 25, 2016 (reprinted from staff blog post)

Over the past week, several employees reported receiving a letter from the Internal Revenue Service notifying taxpayers they had received an item from them or an authorized third party on April 15, 2016. The letter does not ask for any action; rather, it says the IRS needs an additional 45 days to respond.

We checked with the IRS agent assigned to our April 12, 2016 district phishing incident, and he said the letter is likely in response to large number of school district employees who faxed or mailed the IRS Form 14039, “Identity Theft Affidavit,” several days after the reported breach. At the end of the work day on April 14, the district provided an email link to the Identity Theft Affidavit form, as well as a fax cover sheet and the offer to use district fax machines to fax the forms and required documentation. Many employees faxed their information on April 15.

If you want to confirm information in the IRS letter you received, call the toll-free phone number listed on the letter: 1-800-829-0922.


 

Tuesday, May 3, 2016 @ 6:20 p.m.

Good afternoon,

We are pleased to inform you that the Olympia School District has scheduled a series of staffed open computer labs where current and former employees affected by the April 12 data breach can drop in to receive technical assistance in signing up for credit monitoring.

The district is providing a series of drop-in times in the training/computer lab, Room 308 at the Knox Administrative Building, 1113 Legion Way S.E. in Olympia. No appointments are necessary. The time to complete the enrollment process varies from one individual to the next; however, it is recommended you allow 30 minutes of time in the computer lab. Drop-in times are:

  • May 5, 1-4 p.m.
  • May 10, 9:30-11:30 a.m.
  • May 12, 4-6 p.m.
  • May 17, 1-4 p.m.
  • May 19, 4-6 p.m.
  • May 23, 1-4 p.m.
  • June 3, noon-5 p.m.
  • June 17, noon-5 p.m.
  • June 20, 7 a.m.-12 noon
  • June 21, 7 a.m.-12 noon
  • June 24, 7 a.m.-12 noon

Please bring your activation code (unique to you) that we sent you in the mail and your personal email address, and we will help you sign up for credit monitoring. Remember that each current or former employee who receives an activation code needs to enroll by July 31, 2016 in order to take advantage of the Experian services.

We also wanted to share several tips for those of you who are signing up on your own for Experian’s ProtectMyID Elite credit monitoring:

  • As your first step, you need to type the URL to the Experian enrollment website into the address bar in the box at the top of the browser page on your computer.Do not search for this in the Google “Search” bar, which is toward the middle of the browser page. The URL to type in the box at the top of the page is https://www.protectmyid.com/enroll
  • Remember to use your personal email address when signing up for the credit monitoring services.
  • If you encounter any problems in enrolling in the identity protection services online or over the phone because you have little or no credit history, please contact Tricia Kelley, finance specialist in the Olympia School District Business and Operations department, at (360) 596-6126 or tkelley@osd.wednet.edu. We will have an Experian representative contact you directly to assist with the enrollment process.

Reimbursement form

If you placed a credit freeze on your account between April 12, 2016 and May 5, 2016, the district will reimburse you for this expense. If you have placed a credit freeze on your account and would like to lift the credit freeze, the district will pay for the credit freeze to be lifted by July 31, 2016. To receive reimbursement, you must apply for reimbursement by August 5, 2016. A copy of the reimbursement form is attached. The document is also available by clicking this online link.

Thank you,

Susan Gifford

Director of Communications and Community Relations

Olympia School District

360-596-6103


 

Monday, April 25, 2016 @ 5:37 p.m.

Good afternoon,

We are pleased to share with you that information about how to enroll in Experian credit monitoring and extended identity restoration services is being mailed tomorrow to addresses on file for those affected by the April 12 Olympia School District data breach. This mailer will also include an activation code unique to each employee that is required as part of the Experian enrollment process.

The information is being sent via the United States Postal Service in a secure mailer, similar to how paychecks are mailed, to adults (18 years of age and older) who worked in this district in the 2015 calendar year and received a 2015 W-2 form from the Olympia School District. The district is providing the Experian ProtectMyID Elite with ExtendCare for these affected employees. 

A separate letter will be mailed to student workers (ages 16-17) affected by the data breach. These student workers will be enrolled in a slightly different product geared specifically for minors.

In addition to receiving the activation code in the mail, employees who have logins and passwords into Skyward may retrieve their activation code and link to the Experian website by logging into Skyward, effective today, April 25. The activation code and website will be visible only to the employee who logs into his or her own account. Attached is a PDF document for employees who have access to the Skyward information system that explains how to view the unique activation code and access the Experian website for enrollments.

Again, for those who don’t have access to Skyward, be on the lookout for your secure mailer, which will be sent tomorrow through the United States Postal Service. That mailer will contain the information you need to enroll in Experian.

Each individual who receives an activation code will need to enroll by July 31, 2016 in order to take advantage of these Experian services.

The Olympia School District will be offering a computer lab setting for employees who need assistance logging onto the Experian website and/or signing up for the credit monitoring. Times and dates for these open labs will be shared with employees affected by the data security incident via email or RoboCall and on the school district website Staff Resources data breach information page.

Thank you,

Susan Gifford

Director of Communications and Community Relations

Olympia School District

(360) 596-6103


Tuesday, April 19, 2016 @ 5:55 p.m.

Good afternoon Olympia School District employees,

We are pleased to let you know that the district has finalized a contract for credit monitoring and extended identity restoration services. The district is providing the Experian ProtectMyID Elite with ExtendCare for affected employees. 

Memberships are being purchased through our insurance carrier for each individual included in the Olympia School District data breach. Only individuals who received a 2015 W-2 form from the Olympia School District were included in the data breach. Therefore, these are the individuals who will be provided activation codes for these memberships.

Each individual will need to enroll in order to take advantage of these products. You will receive a link to a website (unique to the district) and an individual activation code. In the next few days, the district will send these activation codes to affected employees in two ways: the activation code and website will be posted in Skyward and visible only to the employee who logs into his or her own account, and the activation code will be sent in a secure mailer (similar to how paychecks are mailed) to each of the affected employees’ homes via the United States Postal Service.

Individuals under age 18 affected by the breach, such as student workers, will be enrolled in a slightly different product. The district will be reaching out to the families of these young adults to identify the best product option and help with facilitating enrollment. 

Summary of ProtectMyID Elite

Your ProtectMyID Elite membership continues for two years from the date of enrollment. The service provides:

  • Free copy of your Experian credit report
  • Surveillance Alerts for:
    • Daily 3 Bureau Credit Monitoring: Alerts of key changes & suspicious activity found on your Experian, Equifax®, and TransUnion® credit reports.
    • Internet Scan: Alerts if your personal information is located on sites where compromised data is found, traded or sold.
    • Change of Address: Alerts of any changes in your mailing address.
  • $1 Million Identity Theft (per person) Insurance: Covers certain costs including lost wages, private investigator fees and unauthorized electronic fund transfers that occur as a result of this incident.
  • Lost Wallet Protection: If you misplace or have your wallet stolen, an agent will help you cancel your credit, debit and medical insurance cards.
  • Identity Theft Resolution with ProtectMyID ExtendCARE: The service provides toll-free access to U.S.-based customer care and an Identity Theft Resolution agent who is trained to walk you through the process of fraud resolution if you have any issues with identity theft or fraud on your credit accounts. They will investigate each incident and can help with contacting credit grantors to dispute charges and close accounts including credit, debit and medical insurance cards; assist with freezing credit files; and contact government agencies.
    • It is recognized that identity theft can happen months and even years after a data breach. To offer added protection, you will receive ExtendCARE, which provides you with the same high-level of Fraud Resolution support even after your ProtectMyID membership has expired.

Thank you,

Susan Gifford

Director of Communications and Community Relations
Olympia School District
360-596-6103 (Please don't hesitate to call us if you wish to confirm this email came from this department).


 

Monday, April 18, 2016 @ Olympia School Board meeting

Below is a formal statement read by Superintendent Dick Cvitanich at the Olympia School Board meeting. The statement summarizes some of the information sent to all employees in the superintendent's Friday message, along with additional information:

As I mentioned in my Friday message to all employees, last week was certainly a frustrating week for all of us given the data breach that occurred last Tuesday.

I personally want to thank everyone for their patience as we worked through the details of this phishing scam and continue to work through those details.

We are working diligently with our current and former staff members through issues associated with the incident. We learned from IRS special agents in the criminal division that this sophisticated “spoofing” of email accounts has been increasingly happening not only in Washington state, but nationwide.

I also shared with employees that we are working as hard as we can on this data breach in partnership with local law enforcement, IRS special agents, and the Attorney General’s office.

We have already taken steps to better protect our employees’ safety and security. Our payroll department, for example, moved quickly after the phishing incident to implement additional security pertaining to each employee’s financial information.  

Additionally, plans are under way in our district Technology Department to filter the body of outgoing district emails.

We also plan additional safety and security training for all staff, especially as it relates to the transmission of private information via email, Internet and phone.

And there is still more information forthcoming in the days and weeks ahead, including the selection of a credit monitoring service. Our insurance company will be paying for this service, but only for certain vendors. We are negotiating a contract now and expect that credit monitoring will be in place this week.

All information related to this phishing scam has been communicated to current and former employees who have provided us contact information. We have sent them emails, RoboCalls, a questions and answers document, and directed them to a Web page linked from our district Staff Resources page that contains a history of communication since last Tuesday.

We will continue to update everyone as we meet with privacy experts, IRS criminal investigation special agents and law enforcement on any recommendations or other information related to the phishing scam.

We are truly sorry for the impact of this incident to employees. We care deeply about the security of each of our current and former employees and will work diligently to prevent similar incidents in the future.

Thank you,

 

 

 

 


 

Friday, April 15, 2016 @ 6:56 p.m.

From OSD Communications Department

 

Good evening Olympia School District employees,

Thank you for your patience this week as we worked to provide you with information and updates related to the April 12 phishing scam in our school district.

We have some suggestions of next steps that you can do at your earliest convenience:

  1. Apply online for a free credit report from www.annualcreditreport.com.
  2. If you haven’t already done so today, please fill out and fax or mail to the IRS the Identity Theft Affidavit Form 14039 (see attached). If you faxed the document and want to be extra diligent and mail a hard copy as well, feel free to do so.
  3. If you wish to place a fraud alert or credit freeze, visit the following website:https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs#difference If you are asked to attach an incident or police report, the report will not be available until the investigation is complete. However, attached please find a letter from Olympia Police Department Lt. Paul Lower that confirms the report was filed, that the complaint is under investigation, and that the one-page document can serve as official notification of the incident.
  4. With respect to any fees that you may have already incurred, or fees that you may want to incur in the next few days to obtain a credit report, freeze your credit or place a fraud alert, the district will cover these fees. The claim form and process for claiming the refund will be shared with employees by May 2. In the meantime, retain your receipt as proof of purchase.  
  5. We understand that some employees have closed or changed their bank accounts. Typically your bank accounts are protected from fraud. If you change your bank account now, you must notify the Payroll Office (360-596-6189) immediately. If the district does not know that you are making a change, and we proceed to process payroll to have your paycheck direct deposited, and it cannot deposit due to the change you have made, we MUST wait until May 6 (5 days after the April 29 pay date) to issue you a live check. If you call us ahead of time, we can prevent this delay.
  6. Please do not sign up for an ongoing credit monitoring service. Our insurance company will be paying for this service, but only for certain vendors. We are negotiating the contract now and expect that credit monitoring will be in place next week. (We thought that we would have this for you by now in the form of a specific code for you to enroll. However, after discussions with our insurance company today, we learned that codes are specific to each employee affected by the data breach and we need more time to prepare our system so that we can assign the code to you in a secure manner).
  7. We recommend that you remove your birthdate from Facebook and/or other social media venues. We did not release your birthdate as part of the OSD data breach; however, they sent a follow-up phishing email to attempt to obtain it. Again, it was not released. They cannot file a false tax return without it.  Therefore, we suggest that you protect this to a level that you would not otherwise do so.

Again, we appreciate your understanding as we work through the various steps designed to protect the security of our employees. To see copies of all correspondence with employees regarding this matter, please visit the district website Staff Resources page. All forms or other documents shared with employees this week are posted on this Web page.

Thank you,

Susan Gifford
Director of Communications and Community Relations
Olympia School District
360-596-6104

 


Thursday, April 14, 2016 @ 5:49 p.m.

From OSD Communications Department

 

April 14, 2016

Good afternoon OSD employees,

We have continued our research into our April 12 district data breach and wanted to update you on today’s developments. There are two steps we recommend each employee take, as well as an important message from our payroll department.

First, today we met with special agents from the Department of the Treasury Internal Revenue Service Criminal Investigation department. Based on the specifics of this data breach, they recommend that on Friday, April 15 or as soon as possible, each employee files an IRS “Identity Theft Affidavit” form, which is attached. We have attached a fax cover sheet for your convenience. They also recommended we share with you the attached "Identity Theft Prevention and Victim Assistance" information sheet.

There are three attachments for you related to this first step.

Here is a description of the three attachments:

  • IRS Identity Theft Prevention and Victim Assistance: This is an information sheet that describes tax-related identity theft, as well as addresses steps for victims of tax-related identity theft. One of those steps is to complete IRS Form 14039, Identity Theft Affidavit.
  • IRS Form 14039, Identity Theft Affidavit: The IRS agents we met with today encourage employees to fill out this form, regardless of whether or not they have already submitted their personal tax return with the IRS. The form may either be mailed or faxed, and a required fax cover sheet is attached for each employee to use when sending the form. We have notified school offices and support buildings throughout the school district to allow employees to use the district fax machines to fax the forms and required documentation (photocopy of a document to verify your identity) to the IRS. You may use a district copy machine to make a photocopy of the document to verify your identity.
  • Fax Cover Sheet: Use this sheet to fax the IRS Form 14039 and required documentation as described in the second bullet.​

Click on the following to open the three attachments:

Second, tomorrow (Friday, April 15) we will provide you with a code number from our insurance company that will aid you in proceeding with credit monitoring services.

Payroll message

The following is important information from our payroll department:

"The data breach did not include the release of banking information related to your direct deposit account on file with the payroll department. However, if you have closed your bank account or made changes to your bank account, April 15 at 4 p.m. is the last day that payroll can receive these changes to be effective with the April 29 direct deposit. Any changes after April 15 will require that you pick up a live payroll check on April 29. If you make a change with your bank account, please notify payroll department immediately at 360-596-6190."

Again, we will continue to communicate with you as we learn more. Also, we have created and are continuing to update a page of questions and answers about the data breach. Click here to access that page of information.

Thank you,

Olympia School District
Communications and Community Relations Department
(360) 596-6103

 


Wednesday, April 13, 2016 @ 1:30 p.m.

From OSD Communications Department

 

Good afternoon OSD employees,

As Superintendent Cvitanich mentioned in his email and phone message today, we have created an information page of questions and answers related to yesterday’s data breach. You can access the page here. This page will be periodically updated. Please revisit it to check for updates.

Also, if any media contacts you today at school regarding the data breach, please refer them to the Communications and Community Relations Department at 596-6103. The Communications Department issued a formal statement to the press earlier today.

Thank you.

Communications and Community Relations Department
Olympia School District
360-596-6103

 


Wednesday, April 13, 2016 @ 10:41 a.m.

From Superintendent Dick Cvitanich

 

Good morning,

Like you I am very concerned regarding the data breach that occurred yesterday. I want to bring you up to date on how we will provide support and move forward in addressing this issue. This information is by no means exhaustive as we will continue problem solving today with experts in the field.

When learning at the end of the day that an outside entity "phished" our district for confidential information, we responded immediately by convening a team to discuss appropriate steps regarding potential impact on current and former employees. The email sent to staff yesterday at 7:15pm came after we confirmed the "phishing" scam. In addition we notified the Olympia Police Department, Internal Revenue Service, and the Washington State Attorney General's office as initial responses.

This morning we have been working with security experts, legal counsel, insurance carrier, and our own technology team regarding the number of issues associated with this breach of information. Our first priority is ensuring the security of your personal data. We have created an information page of questions and answers related to this data breach. The Communication's Department will be sending you a link to access this information which will be regularly updated.

Finally, please note that my Gmail account is secure. The "phish" resulted in an outside entity "spoofing" my email address, then applying an outside and unknown address for the reply. This led the employee to believe the email came directly from me and that the reply would come directly to  me.

In addition to the above, I will send a robo call to all staff to serve as confirmation of this email. We understand that personal information is extremely important to all of us and will continue to work diligently to support you and provide resources for protecting your personal information. We will provide access to credit monitoring and identity theft resolution services at no cost to you. We are in the process of setting this up and additional details will be forthcoming.

If you have additional questions, please direct them to the Communication Department at x6103. Your question may be of value to other staff members. Thank you.

Dick

 


Tuesday, April 12, 2016 @ 8:54 p.m.

From OSD Communications Department

 

To all OSD employees,

Please note the correct title and link for the Federal Trade Commission IdentityTheft.gov website referenced in the email sent earlier tonight. Here is the direct link to the website:

https://identitytheft.gov/

Thank you,
Communications and Community Relations Department
360-596-6103

 


Tuesday, April 12, 2016 @ 7:15 p.m.

From OSD Communications Department

 

Good evening Olympia School District employees,

Within the past hour we learned that there was a personal data breach at approximately noon today in our district. Someone posing as the superintendent requested via email a PDF listing of all employee names, addresses, salary information and social security numbers. The list included information for employees who received a W-2 form for the calendar year January 1, 2015 through December 31, 2015.

We have contacted law enforcement, and our Technology Department is doing what it can to locate any possible information that could be helpful in an investigation.

We understand the severity of this issue and will deploy a privacy expert to advise employees on protective measures. We will deploy a system for employees to monitor their finances.

There are resources we will make available to you. However, we recommend initially that one option is for you to go to the Federal Trade Commission IdentifyTheft.gov website to report an identity theft. You can follow the prompts from the Home page beginning with reporting the identity theft. Options available to you include requesting a free credit report and a credit freeze.

More information will be forthcoming as soon as we have additional information to share.

Thank you,
Communications and Community Relations Department
360-596-6103