“What we feel confident on is that there’s no access to employee or student information because if that were true they would be doing it to everyone,” she said, in an interview Saturday.
Instead, officials think that a couple dozen employees were tricked into clicking on a fake link that gave cyber thieves access to payroll login information.
“The result was the employee’s direct deposit was re-routed to accounts set up by the thieves,” the district wrote in an alert to employees.
The district sent employees an alert to remind them to verify any emails if they doubt the legitimacy, to avoid replying to emails and to refrain from clicking on links or attachments because they may contain “malicious code.”
APS never asks for employees to provide confidential or account information via email or other electronic methods, the district told staffers.
Carstarphen said the district is working with a cyber-security consultant and will be tightening its email filters.
The district will pay for identity protection services for one year for employees whose data was compromised.
Carstarphen said the district may not recover the missing funds unless state investigators successfully apprehend someone.
“Typically what happens is that that money is lost,” she said.
GBI spokeswoman Nelly Miles said the school district’s police department asked the state agency Saturday to look into the case.
“At this point, we have instructed them to take steps to secure their network while we begin our investigation,” she said, in a written statement.