Carmel Unified School District notifies employees of phishing incident

Ouch. This isn’t a W-2 phishing attack, but in some ways, it seems even worse.

Carmel Unified School District notified employees that a successful phishing attack had gained access to an employee’s email account that had “a limited number of documents.”

Those documents may have contained employees’ or dependents’ information:

  • Employee social security numbers
  • Spouses’ and dependents’ social security numbers
  • Employee/spouse marriage certificates
  • Employee dependents’ birth certificates
  • Doctor’s notes excusing employees from work or authorizing them to return to work, some with sensitive medical information

You can read the full notification below.

Carmel Unified Phishing Incident - CA Attorney General Sample_0

About the author: Dissent