Back in August, school district officials thought maybe just a few NISD email accounts had been compromised but brought in a computer forensics team just to be sure, says district spokesman Barry Perez. As the team investigated, the problem kept ballooning. By last month, Perez says, the district had learned that personal information of some 23,000 current and former students and staff — like addresses and social security numbers — had been exposed during the security breach.
"At first we thought it was a problem with some fishing-type links and emails to a few staff members," Perez told the Current
. "It just kept growing from there."
While Perez says there's no evidence anyone's been subject to identity theft because of the hack, the district sent out a letter to the thousands of people who had their information exposed. Perez says the district reported the issue to law enforcement, and NISD is now offering the affected people an identity monitoring service for free for one year.
Perez says also says the hack's been a wakeup call of sorts for the district. They're now insisting students and staff implement some basic best practices — easy stuff, like strong passwords and not opening emails and attachments from people you don't know. NISD officials are also urging staff and students to forward any questionable looking emails to the district's tech department for screening.
"Basically, we're trying to re-train and re-teach people to just implement some of these basic best practices," Perez said.
At first, it was just a few Northside ISD staff members who went to the district's IT department, concerned about some random emails from strangers with attachments they were afraid to open.