recommended reading


Fake School Superintendent Tricks Employee into Releasing Teacher Tax Forms

Social engineering; Spear-phishing; Stolen credentials

An email configured to look as though it had originated from Olympia School District Superintendent Dick Cvitanich’s work account was sent to one of his staffers. The message asked for a list of employee names, addresses, salary information and Social Security numbers.

At noon on April 12, the employee sent the outside entity the requested information. School officials learned about the fraudulent email, known as a phishing attack, later that afternoon, toward the end of business hours.

Between 5 p.m. and 7 p.m., school officials notified Olympia Police, the IRS, the Attorney General’s Office and the Federal Trade Commission. Officials then sent an email to all employees at about 7:15 p.m.

District employees who received a W-2 form for the calendar year Jan. 1, 2015, through Dec. 31, 2015, are affected by the data breach.

The attacker did not get a hold of students’ information. 




April 13, 2016

reported by

The Olympian

number affected

2,164 employees

location of breach

Washington , United States



location of perpetrators


date breach occurred

April 12, 2016

date breach detected

April 12, 2016