Cyber Incident Victim: Lake Oswego School District
Date: Jul 2018
Location: United States of America
Summary
The Lake Oswego School District experienced unauthorized access to both an employee email account and its official Twitter account. A spokesperson’s compromised email was used to send phishing links to approximately 200 students, while the district’s Twitter account posted an unauthorized message announcing a change in ownership. Though the phishing incident preceded the Twitter breach, no direct link between the two events was confirmed. The extent of additional system access or compromise by the attacker(s) remained unclear at the time of reporting.
Description
On July 5, 2018, the Lake Oswego School District experienced a cybersecurity incident involving unauthorized access to an employee email account. The email account of Christine Moses, the district's spokesperson, was compromised, enabling attackers to send phishing emails containing malicious links to approximately 200 district students. The phishing attempt occurred the day before a separate breach of the district's official Twitter account. There was no immediate indication that sensitive student data was exfiltrated through the email compromise, though the district warned recipients about the fraudulent messages. The email breach represented a direct attempt to target students through compromised institutional communication channels.

On July 6, 2018, attackers gained control of the district's Twitter account (@LakeOswegoSD), posting a tweet at 2:36 p.m. that announced a change to the account in all capital letters. The tweet originated from a suspicious account (@choppiq) identifying itself as "Bot-Net," which had been created in June 2018 and showed no prior activity. While the Twitter breach occurred within 24 hours of the email compromise, the attackers made no reference to the earlier phishing campaign in their tweet. District officials did not confirm whether the two incidents were linked, though the overlapping timeframe raised questions about potential systemic vulnerabilities. The full scope of both breaches remained unclear, with no public confirmation of whether attackers accessed additional systems beyond the email and Twitter accounts. The district issued warnings about both incidents but did not disclose specific containment measures or forensic findings regarding the attacks' origins or methodologies.
