The impact of the December cybersecurity attack on the Glendale Unified School District is far from over, with at least 237 district employees reporting that their taxes had been fraudulently filed without their knowledge as of May 6, according to a survey conducted by the Glendale Teachers Association.
Many teachers’ initial response to the attack — which left GUSD without internet services, district networks, cloud-based systems, Google accounts, ParentSquare and StudentSquare — was figuring out how to navigate classroom operations without technology, especially at the end of a semester when grades must be reported.
The following month, GUSD employees were notified that personal data including their names, addresses, birthdates, Social Security numbers, driver’s license numbers and financial account information might have been leaked to the dark web.
In response, the district offered its former and current employees one year of credit monitoring services, internet surveillance, identity restoration and $1 million in identity theft insurance through an Experian IdentityWorks membership, said Kristine Nam, GUSD’s communications director.
However, even with these systems in place, some employees, such as Emily Rogers, were still vulnerable to threat months after attackers gained wide access to the district’s network and executed a ransomware threat.
Rogers, who teaches French and computer science at GUSD, received a letter from the IRS in late March saying that the agency suspected her taxes had been filed fraudulently.
“I didn’t really realize what the implications [of the data leak] would be,” Rogers said. “I thought that as long as we signed up for the credit monitoring software, that would protect us. I didn’t realize that there would be implications for our taxes too.”
It was nearly a week before Rogers was able to get connected with a representative from the IRS. Once she did get connected, she was told she would have to file a paper return this year for her federal taxes.
Before she learned of her own tax situation, Rogers said, GUSD employees received an email on March 4 from Assistant Superintendent of Human Resources Kyle Bruich announcing that the district had received reports of fraudulent tax filings. The email included information about how affected employees could proceed and gave information and forms to fill out, including instruction on how to get a personal identification number from the IRS for more security.
While Rogers read this email before receiving her IRS letter, she said this was not the case for everyone.
“It was just a little bit too late for a lot of people. Most of them knew that our information had been released on the dark web, but until people started filing their taxes in January, it wasn’t known that this might be one of the repercussions of the whole thing,” she said. “… I was just one of many who had this happen to them.”
Nam told the News-Press that as soon as the district discovered employees’ tax filings had been compromised in late February, it took action.
“In late February, an employee reported concerns to Human Resources about their tax filing. GUSD HR immediately connected with the California Franchise Tax Board to notify them of the data breach out of an abundance of caution,” Nam said. “GUSD also strongly recommended that employees file a PIN with the IRS to further protect their identities.”
She also noted that the district offers “additional services through our Employee Assistance Program, which includes Financial Support, including issues with taxes, and Identity Theft Recovery Services, which include assistance with fraudulent activity.”
After filing her federal taxes on paper, Rogers was later notified that her state tax filings bounced and she had to repeat the paper filing process she was eager to put behind her.
Rogers said it was a “hassle” having to spend days trying to get connected to the IRS, going to the post office multiple times, and paying for the first-class return receipts.
“It was one more thing added to my already very busy, full plate,” Rogers said, adding that she has little spare time as a mom, teacher and union officer.
Taline Arsenian, president of the Glendale Teachers Association, said she has had many employees reach out to GTA with concerns over this.
“Some people have been extremely vocal about the inconvenience of all of this and the stress,” Arsenian said. “Their stress levels are being impacted so greatly because people take great care in ensuring their credit scores remain intact and now we have somebody who’s come in and is pretending to be us that can just create chaos in our lives and living with that is very difficult.”
Calling the district’s communication “reactionary,” rather than “preventative,” Arsenian said she wished district employees had been informed of the possibility of tax fraud sooner.
“It would have been great if that March email came in December, letting us know how to assign a PIN number to our Social Security number,” Arsenian said. “Certainly ransomware attacks are not unique to our district … but the impacts this time around seem to be common and high, which makes me believe that we weren’t protected the way we should have been.”
Nam emphasized the district’s commitment to transparency and to “providing employees, students and families with as much information and support as possible.”
“GUSD acted immediately and proactively the moment we heard that employees’ tax filings could potentially be impacted by the cyberattack,” she said.
In addition to the tax fraud concerns, there’s also a fear of when the next shoe will drop.
“We didn’t know this tax fraud situation was going to happen,” Arsenian said. “So what else is in our future? We’re fearful of the unknown, of the other impacts of having this data breach.”
While Arsenian did not personally experience fraudulent tax filings, she said she heard from many employees who had delayed tax returns as a result of having to file on paper.
“If this had happened to me, I would not have been able to pay my property tax because my tax return in February pays my property tax in April, so that would have been very difficult for me,” Arsenian said.
The district had taken precautions ahead of the December attack to secure its systems. In March 2023, GUSD entered into an agreement with Hexalytics for cybersecurity monitoring services, providing a unit tasked with preventing, detecting and responding to cyberattacks and a system to monitor traffic on the network.
Nam said the district hopes to avoid future attacks by enhancing services provided by Hexalytics, expanding multifactor authentication, evaluating current backup strategies and training users against phishing attacks, among others.
In terms of those affected, Nam is not aware of any students who were compromised by the breach.
“We do not have reason to believe that, in general, students’ personal information was compromised by the data breach,” Nam said. “There could be a small handful of exceptions — for instance, if a student is a paid tutor and therefore also in our employee information system,” Nam said, adding that any student found to be affected would receive the same support and protection services given to staff.
As for the details of the ransom demand and whether any progress has been made on identifying a suspect, Nam said she could not comment.
First published in the May 18 print issue of the Glendale News-Press.
