Payday problems: Cyber thieves swipe paychecks from Atlanta school employees

Atlanta Public Schools reimburses $56K in payroll after online phishing attack
ajc.com

Atlanta Public Schools issued new paychecks to 27 employees who fell victim to what the superintendent called a phishing attack by cyber thieves.

Superintendent Meria Carstarphen said Internet scammers stole $56,459 in payroll funds by rerouting direct deposit information from 27 unsuspecting employees. Another seven employees had their direct deposit information changed, but their pay made it into their accounts.

The district reimbursed the employees whose money was taken and has notified the Georgia Bureau of Investigation, Carstarphen said. It has also beefed up security measures and is working to make sure the next payday in mid-October goes smoothly.

The problem came to light Friday, payday for the district that employs roughly 6,000 workers.

Carstarphen said the district’s massive data system, which includes testing, student, and employee information, has not been breached.

“What we feel confident on is that there’s no access to employee or student information because if that were true they would be doing it to everyone,” she said, in an interview Saturday.

Instead, officials think that a couple dozen employees were tricked into clicking on a fake link that gave cyber thieves access to payroll login information.

“The result was the employee’s direct deposit was re-routed to accounts set up by the thieves,” the district wrote in an alert to employees.

The district sent employees an alert to remind them to verify any emails if they doubt the legitimacy, to avoid replying to emails and to refrain from clicking on links or attachments because they may contain “malicious code.”

APS never asks for employees to provide confidential or account information via email or other electronic methods, the district told staffers.

Carstarphen said the district is working with a cyber-security consultant and will be tightening its email filters.

The district will pay for identity protection services for one year for employees whose data was compromised.

Carstarphen said the district may not recover the missing funds unless state investigators successfully apprehend someone.

“Typically what happens is that that money is lost,” she said.

GBI spokeswoman Nelly Miles said the school district’s police department asked the state agency Saturday to look into the case.

“At this point, we have instructed them to take steps to secure their network while we begin our investigation,” she said, in a written statement.