Carmel Unified School District

Carmel Unified School District notified employees that a successful phishing attack had gained access to an employee’s email account that had a limited number of documents.

Compromised documents contained employees’ or dependents’ information such as Employee social security numbers, Spouses’ and dependents’ social security numbers, Employee/spouse marriage certificates, and Employee dependents’ birth certificates.

The district is unable to determine whether a specific piece of information in the account was accessed.

Source: https://www.databreaches.net/carmel-unified-school-district-notifies-employees-of-phishing-incident/

TPRM report: https://scoringcyber.rankiteo.com/company/carmel-unified-school-district

"id": "car977323",
"linkid": "carmel-unified-school-district",
"type": "Data Leak",
"date": "03/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Education',
                        'location': 'Carmel, California, USA',
                        'name': 'Carmel Unified School District',
                        'type': 'Educational Institution'}],
 'attack_vector': 'Email Phishing',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Employee social security '
                                              'numbers',
                                              'Spouses’ and dependents’ social '
                                              'security numbers',
                                              'Employee/spouse marriage '
                                              'certificates',
                                              'Employee dependents’ birth '
                                              'certificates']},
 'description': 'Carmel Unified School District notified employees that a '
                'successful phishing attack had gained access to an employee’s '
                'email account that had a limited number of documents. '
                'Compromised documents contained employees’ or dependents’ '
                'information such as Employee social security numbers, '
                'Spouses’ and dependents’ social security numbers, '
                'Employee/spouse marriage certificates, and Employee '
                'dependents’ birth certificates. The district is unable to '
                'determine whether a specific piece of information in the '
                'account was accessed.',
 'impact': {'data_compromised': ['Employee social security numbers',
                                 'Spouses’ and dependents’ social security '
                                 'numbers',
                                 'Employee/spouse marriage certificates',
                                 'Employee dependents’ birth certificates']},
 'initial_access_broker': {'entry_point': 'Email Phishing'},
 'post_incident_analysis': {'root_causes': 'Human Factor'},
 'references': [{'source': 'Carmel Unified School District'}],
 'title': 'Phishing Attack on Carmel Unified School District',
 'type': 'Phishing Attack',
 'vulnerability_exploited': 'Human Factor'}

Carmel Unified School District

Microsoft

Young Consulting

IdeaLab