King, Pierce County schools hit with data breach targeting personal information

The Puget Sound Educational Service District (PSESD) sent out a notice to current and former students and employees of King and Pierce County Schools upon learning of a data breach within their computer network.  

"Some types of personal information leading to our employees and potentially students could have been impacted. We're still working to determine the full nature and scope of that," said Jessica de Barros, PSESD Executive Director of Communications, Government and Public Relations.

In a press release sent out on Tuesday, further investigation found that certain employee emails were hacked between April 5 and Aug. 6 of 2020.

It's unclear what specific information was hacked, but PSESD officials said it could potentially be employees and/or students' names, dates of birth, Social Security numbers, financial account information, and high-level medical information. 

"We had no reports that information was misused, but we are providing individuals notice through this press release out of an abundance of caution and diligence," said de Barros. 

It remains unclear the method used by hackers in this case. However, according to cybersecurity experts, most data breaches occur in unsuspecting emails or outside links. And while hacking an educational entity isn't like hacking into a bank, the information gained is still valuable.

"It doesn't matter if you're Joe's Body Shop or King County School District, it doesn't matter," said Tim Mason, a cybersecurity faculty member at Green River College in Auburn. "If I can get your Social Security Number, your address, information like that, maybe I can open up an account at a bank someplace and get a mortgage on a home."

Mason, who is also a Certified Ethical Hacker, said protecting yourself comes down to practical steps. He said one step is to keep a vigilant eye on emails and email attachments.

According to Mason, many times hackers will send phishing malware in emails pretending to be someone you know. He said to look out for anything unusual or perhaps misspellings.

"You also want to notify your IT department. And this goes for students too," said Mason.

Other practical advice includes updating your anti-virus software, constantly checking your bank account and credit reports, and not using the same passwords.

"We really need to pay attention to these things because it's easy to forget. Do we need to do this, yes we do," said Mason.