“It's just, just the click of a button,” Yukon Public Schools Superintendent Jason Simeroth said snapping his fingers.
The snap, a physical demonstration of how quickly the personal information of roughly 1,300 full-time and part-time employees from Yukon Public Schools was hacked and stolen.
The hack came as an email. Someone posing as Simeroth asked the Human Resources department for the W-2 information of every employee in the last year.
When the email was received, the director of HR went to Simeroth for clarification and the two immediately realized something was wrong.
“He came down to ask me. He said 'Is this what you're looking for?' and I said, 'No. I don’t know what you're talking about,’” Simeroth said recounting the exchange on Thursday.
It's a practice known as Phishing -- where a would-be identity thief asks someone to confirm a credit card or social security number to gain access to personal information. And an employee at Yukon Schools took the bait.
“Unfortunately, my employees doing exactly what they thought they were supposed to be doing divulged,” Simeroth said matter of factly. “I mean it was just a data breech.”
The district reported the breech to Yukon PD which says in its report there's nothing they can do. The case was also sent to the IRS, FBI, and the Secret Service.
According to the website ScamWatch, phishing scams usually contain grammar errors - icons that aren't normal or come from an address that seems out of place.
For Simeroth, the solution going forward was simple.
“If it looks like something that could be fishy with an “F” it probably is “phishy” with a “P,”” Simeroth said.
Correction: An earlier version of the is story incorrectly stated those affected to be about 13,000 people.