Cyber Incident Victim: Washington County School District (AOS 77)
Date:
Dec 2018
Location:
United States of America
Summary
A school department in Washington County (AOS 77) experienced a data breach compromising personal information of current and former employees, with approximately 2,000 individuals notified by the superintendent. The incident exposed sensitive details including Social Security numbers, dates of birth, and addresses, though student data remained unaffected. The unauthorized access targeted the central office systems, prompting direct communication to impacted staff regarding potential risks to their private information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In December 2018, the AOS 77 school department in Washington County, Maine, experienced a data breach affecting current and former employees. During the week preceding December 12, approximately 2,000 individuals received formal notification from the superintendent regarding unauthorized access to personal information stored within the central office systems. The breach exclusively targeted employee records, with no evidence indicating compromise of student data. While the exact intrusion timeline and attack methodology remained undisclosed, officials confirmed that threat actors potentially accessed sensitive personnel information. The incident prompted immediate administrative action to inform affected parties through direct mail correspondence.
The compromised data included full names, dates of birth, residential addresses, and Social Security numbers—critical identifiers exposing victims to potential identity theft and financial fraud. School authorities did not publicly disclose technical details regarding the breach's origin, duration, or containment procedures beyond the notification effort. No information was released about whether ransomware, external hacking, or insider threats caused the incident. The disclosure emphasized the exposure of employee records exclusively, underscoring that instructional systems and student databases remained unaffected. This breach highlighted operational vulnerabilities in administrative data storage practices within the educational institution's infrastructure.