A phishing email targeting employees of the **New York City Department of Education (DOE)** was detected by an 18-year-old student apprentice, Addison Wang, working in the DOE’s IT security office. The malicious email directed recipients to a potentially harmful website, posing a risk of credential theft, malware deployment, or unauthorized system access. While only **eight employees received the email**, none interacted with the link, preventing a breach or data compromise. The incident was swiftly contained through email system searches and monitoring. The attack targeted a **public education infrastructure supporting over 1 million students and staff**, where a successful breach could have exposed sensitive data (e.g., student records, employee credentials, or financial details). The DOE’s reliance on student apprentices for cybersecurity tasks also highlights potential vulnerabilities in workforce training and incident response protocols. Had employees clicked the link, the attack could have escalated to **data exfiltration, ransomware deployment, or lateral movement within the DOE’s network**, disrupting operations for schools citywide. The lack of clicks mitigated immediate harm, but the attempt underscores persistent threats to government-run educational systems.
TPRM report: https://www.rankiteo.com/company/nyc-department-of-education
{
  "id": "nyc2485224102825",
  "linkid": "nyc-department-of-education",
  "type": "Cyber Attack",
  "date": "10/2025",
  "severity": "50",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'customers_affected': '8 employees (no further impact)',
                        'industry': 'Public Education',
                        'location': 'New York City, New York, USA',
                        'name': 'New York City Department of Education (DOE)',
                        'size': 'Large (serves over 1 million students and staff)',
                        'type': 'Government Agency (Education)'}],
 'attack_vector': 'Email (Malicious Link)',
 'description': 'A phishing email was circulated among New York City Department of Education employees, directing them to a potentially malicious website. The incident was detected and investigated by an 18-year-old student apprentice, Addison Wang, who confirmed that while 8 employees received the email, none clicked on the malicious link. The incident was contained without further impact.',
 'impact': {'operational_impact': 'Minimal (8 employees received the email; no clicks recorded)'},
 'investigation_status': 'Resolved (no further action required)',
 'lessons_learned': 'Student apprentices can play a valuable role in incident response. Early detection and swift investigation mitigated potential impact. Importance of training and supervision for apprentices in cybersecurity roles.',
 'post_incident_analysis': {'corrective_actions': ['Review and strengthen email filtering rules.',
                                                   'Conduct phishing awareness training for employees.',
                                                   "Leverage apprentice insights (e.g., Addison Wang's Chromebook troubleshooting) to improve IT policies."],
                            'root_causes': 'Phishing email bypassed initial email filters; human error (employees targeted).'},
 'recommendations': ['Expand cybersecurity training for apprentices to enhance detection capabilities.',
                     'Implement automated tools to flag and quarantine suspicious emails more efficiently.',
                     'Encourage broader participation in apprenticeship programs to build a pipeline of skilled cybersecurity professionals.'],
 'references': [{'source': 'Chalkbeat New York',
                 'url': 'https://www.chalkbeat.org/newyork/'}],
 'response': {'containment_measures': 'Email system search conducted; confirmed no clicks on malicious link.',
              'incident_response_plan_activated': True},
 'title': 'Phishing Email Incident at New York City Department of Education',
 'type': 'Phishing Attempt'}