Texas School District Loses $2.3 Million in Phishing Incident

School district officials have not yet fully explained how the money was transferred to the hackers, but investigators say they have some "leads" as to who the cybercriminals might be.

by News Staff / January 15, 2020

A small school district in Texas has suffered a very costly cyberincident. 

Using an "email scam," hackers were able to steal $2.3 million from the Manor Independent School District, officials recently admitted. 

Both the city's police department and the FBI are now investigating the incident, and there are reportedly "strong leads" as to who the hackers are, said Angel Vidal Jr, the district's communications director.

While details of the incident could not be fully disclosed, Detective Anne Lopez of the Manor Police Department confirmed to Government Technology that the theft was discovered in December, with a district employee finding that three transactions the school had recently entered into had been fraudulent.

"Unfortunately [a lure email] was sent out and someone didn't recognize it was a phishing email until it was too late," Lopez said, explaining that her department is currently clearing local participation in the scam and is looking to determine whether the hackers were based in the U.S. or overseas.

It is unclear what the transactions were related to, but the incident has all the trappings of a social engineering incident — wherein hackers pose as legitimate actors in an online engagement as a means of gaining access to money or information.

Last year, hackers made off with $1.7 million from a North Carolina county after posing as contractors with whom officials were involved in a development deal.    

"It is the largest [cyberincident] that Manor Police Department has had to deal with since I've been here," Lopez added. 

But the Manor district isn't alone. Last year saw a significant uptick in hacks on school districts nationwide, with ransomware being a prominent form of attack.

According to the K-12 Cybersecurity Resource Center, around 15 percent of cyberincidents at schools in 2018 were phishing-related. Experts generally agree that the best way for schools to avoid these incidents is a combination of increased digital literacy among staff and students and protective software. 
