(Updated 11/27/24)
Frequently Asked Questions
Based on questions submitted to customerservice@graniteschools.org
Has the district ensured that the threat actors no longer have access to our data?
We worked with a forensic security company to ensure that the threat actors no longer have access to our data.
I would like confirmation of whether I was a victim of this theft. Or if these emails are a general precaution since I am a GSD employee.
Our investigations thus far have determined that all current employees’ information was stolen. We are continuing to data mine to determine all individuals.
Have you individually contacted the specific people that this affected or are you just sending blanket updates? Should I take measures to change my bank account?
Unfortunately, our investigation revealed that what we thought was originally a subset of employees is, in reality, all employees which prompted the email. You should take the recommended actions and precautions outlined. We will continue to investigate and follow up on an individual basis with these same instructions and any additional information as appropriate.
If my financial institution recommends I change my account, do I need to do anything with my direct deposit?
Yes, once it is changed, we need you to provide this completed form linked here to Payroll in person as soon as possible.
What if I have already changed my bank account information?
Please note that, unfortunately, a change in a bank account will delay direct deposit for the pay period. Once it is changed, we need you to provide this completed form linked here to Payroll in person.
Will free credit monitoring and identity theft be provided to employees? If so, how long?
Yes. We are working with our insurance company to determine the length of time coverage will be provided.
Does this breach include the SSN’s of employee dependents on our insurance as well?
Our data mining investigation thus far discovered that payroll information had been stolen. That information did not contain information about dependents or spouses.
Is there any concern that our family members’ information may have been included as well (e.g., if our family is on our district-provided insurance)?
Our data mining efforts show no indication that any family members’ information was part of the data breach. If we uncover anything, we will communicate it promptly.
What is the District doing to help employees who may have identity theft before they can take steps to protect themselves?
We will be working with our insurance company to determine what we can be done in the event an individual falls victim due to circumstances out of their control.
What do I do if my personal identifiable information is also compromised?
Identity theft and credit monitoring is used to prevent a threat actor from being able to use your identity in harmful ways.
Will the district need new printed information from our banks if we change our account information?
We will not need printed information from your bank. We will accept a completed Payroll account change form in person or through interdepartmental mail. That form is found at Intranet – Payroll – Direct Deposit Application.
What if I already was looking into my credit for something totally unrelated and you are only allowed to check 1 time for free per year, how will this affect that since checking into this current GSD situation would be twice in one year?
Please work with your financial institution to determine if this would negatively impact you.
Have you all explored how having a VPN for our district’s network could assist with security?
We do use and have a VPN solution that we employ. It is used if a user needs to access school district resources when they are off-premises. Due to the way our network environment is constructed, we do not employ VPN’s internally at this time. We are also re-evaluating our network to see if instituting additional security measures, like the use of VPNs, will bolster our security.
I recently updated my banking information with payroll for reasons unrelated to the data breach (new employee, changed banks, etc.). Is my new banking information safe?
The district is confident that the threat actors were no longer in our system as of October 1, 2024. The information of any new employees who set up payroll for the first time after that date, or current employees who updated their banking information for unrelated reasons after that date, should be secure. Any banking information provided to the district before October 1st was likely compromised. The District is still working to determine how far back in time the threat actors were able to access.
What are the steps I can take to protect myself?
Please contact your financial institution to ask what they recommend. We encourage you to follow their advice.
When will credit monitoring be available? And how will we be able to sign up for it?
We are currently working with our insurance company to contract credit monitoring and identity theft. It is our hope to have that information out as soon as possible. In the meantime, please click here for instructions on contacting credit bureaus to get a credit report or place a fraud alert on my credit file.
Are there discussions about allowing teachers to leave early tomorrow to get this done or do we need to take a sick day or personal day to get this done? If we have taken all our personal days, is there a discussion of allowing another day to be added?
Recognizing the additional stress, frustration, and time impact this may have for some of our employees, the District will provide flexibility to those who need it. If a contract employee needs time, we ask that they work with their supervisor to determine the best way to coordinate that time while still allowing the school or department to operate. As with hourly employees, supervisors may need to be flexible with the hours they regularly work to take care of what they may need.
Are we going to be given the opportunity to add identity protection to our benefit package even though open enrollment is closed?
Through our insurance provider, free identity protection services will be offered to employees. Information about this will be emailed out as soon as possible.
Last May, I changed my direct deposit to a new checking account, however the old checking account I still use. I am getting the new account changed, my question is should I get both of them changed?
Yes, both accounts were likely compromised and you should follow your financial institution’s advice related to both accounts.
Can I request a paper check and/or opt-out of direct deposit?
No. Granite School District’s Board made the decision to have GSD a mandatory direct deposit employer.
How far back does the breach go so former employees can also take the necessary actions?
At this stage, we have determined that employees’ bank account numbers were compromised back to 7/1/2020. There may be other employees who had additional personally identifiable information (not bank accounts) compromised back further, we are still in the process of determining the extent of that information. No employee’s family members’ personally identifiable information (PII) was compromised as part of this payroll information breach.
How are former employees being notified?
We are still data mining to determine which former employees have been impacted. We are working with our insurance company, which will provide a call center and mailing service for former employees to receive information and support. We are working on determining and providing the addresses of all former employees so they receive notification. If current employees know former employees who were employed after 7/1/2020 but are no longer with Granite, please help alert them to the district information link and this FAQ.
Will there be compensation for employees who received the recommendation from their financial institution that they change their bank account number?
We recognize and regret the burden this has put on employees. Unfortunately, our cybersecurity insurance does not cover compensation for time. To provide this, we would have to reduce funding in other budgeted areas since it is not provided in our coverage.
For teachers that enrolled in the Granite provided benefit on identity protection, will this be now paid/reimbursed/not charged?
Our cybersecurity insurance company follows its practice and procedure to set up identity protection under one of the providers they select. To provide this, we would have to reduce funding in other budgeted areas since it is not provided in our coverage.