School District Victim Of Phishing Scam, Whose 'Scope Is Extensive; 'Well Over' 10,000 Emails Sent

NEW HAVEN, CT — The New Haven Public Schools has experienced a phishing attack that affected student emails, a spokesperson said Wednesday.

What follows is the message sent to the school community:

Phishing Attack

We have confirmed a sophisticated phishing attack targeting our district email system. The attack utilized at least four (4) compromised student accounts to send mass emails to the rest of the student body.

The scope of this incident is extensive:

• Volume: Well over 10,000 emails were distributed, almost all of which were sent to multiple recipients at once.
• Reach: Our best estimate is that more than half of the student body received at least one of these fraudulent emails.
• Engagement: Approximately 10% of these emails (over 1,000) were opened and read by students.

The Threat:

This phishing campaign was specifically designed to collect personal banking information. While it is impossible to currently track exactly how many students submitted data, we have received reports indicating that some students did fill out the fraudulent forms. This puts those students and their families at immediate financial risk.

Action Required:

1. Do Not Interact: Instruct students to delete any suspicious emails asking for personal or financial information immediately. They should not click any links.
2. If They Submitted Data: If a student admits to filling out the form, they must be directed to the school’s main office or the IT department immediately. You should alert any financial institutions where an account could be compromised.
3. Password Resets: We may be requiring forced password resets for affected student accounts.

Our IT department is working to scrub these emails from inboxes and secure the compromised accounts.

Thank you for your cooperation.