As the police and FBI work to determine who was able to hack his or her way into District 202’s online job application system — as well as how much information was compromised — the school district urging is community members to take steps to minimize their own risk of falling victim to identity theft.
On Saturday, past District 202 job applicants received what the district called a “highly offensive and inappropriate email” from someone who was able to use an authorized username and password to access the district’s job application database and send the mass email.
The message was sent to an estimated 23,000 people who had used the third-party website to apply for a District 202 job.
“Understandably, this has caused significant concern about potential identity theft and the security of our systems,” the district said in a message sent Monday afternoon to District 202 community members and the 23,000 people who received the emails:
At this time, we are working with our third-party software vendor to determine whether the person(s) who used the job application system to send the mass e-mail accessed any personal or confidential information.
We are also working with local police and the FBI to identify and prosecute those responsible.
While our investigation continues, the third-party job application system will remain closed.
The message continued, “Most especially, we apologize to everyone who received this email for the concern and fear that naturally results from a situation like this.
“We will continue to update you on our investigation into this incident, and we will do everything that we can to protect the privacy and security of our current and prospective staff and students.”
The district offered the following tips from the Federal Trade Commission to help community members minimize their risk of identity theft:
- The longer the password, the tougher it is to crack. Use at least 10 characters; 12 is ideal for most home users.
- Mix letters, numbers, and special characters. Try to be unpredictable – don’t use your name, birthdate or common words.
- Don’t use the same password for many accounts. If it’s stolen from you – or from one of the companies with which you do business – it can be used to take over all your accounts.
- Don’t share passwords on the phone, in texts or by email. Legitimate companies will not send you messages asking for your password. If you get such a message, it’s probably a scam.
- Keep your passwords in a secure place, out of plain sight.
View full post on Plainfield Patch