Two-factor authentication frustrated an attempt to steal nearly $2 million in payroll funds from the Thomas County School System in southern Georgia, according to district officials.
Hackers gained unauthorized access to a district computer storing private banking information around Feb. 7 that included the names, ID numbers, and bank account and routing numbers of district employees, according to a breach notice published by the district on Tuesday.
“This was a targeted attack,” Dusty Kornegay, the K-12 district’s public relations officer, told EdScoop.
The district’s investigation has revealed the hackers sought to infiltrate the district’s banking system to transfer money from the district’s payroll accounts to their own accounts, but the district’s security protocols put a stop to the activity before any money was transferred.
Kornegay said the school district requires a second form of authentication before funds can be transferred, so when the district’s bank received a suspicious, automated clearing house transfer request, it checked with the school system before processing the request. As a result, no funds were lost, he said.
According to the district’s breach notification, shortly after learning of the intrusion, BlueVoyant, a global cybersecurity defense firm, was hired to investigate the attack and implement software to prevent future incidents.
The Thomas County School System holds a cybersecurity insurance policy, which is helping to cover forensic and legal costs, Kornegay said.
School employees were notified of the attack on Monday and urged to monitor their bank accounts for potential fraudulent activity.
The scope of the incident is still being investigated, but the district says no Social Security numbers or passwords to employee accounts were accessed by the hackers.
The district states in its breach notification that it is committed to enhancing its overall security architecture and that “protecting the security of our employees’ personal information is a top priority.”