I received a letter with the Granite School District logo, but the return address is from California. Is this real or a scam?
This is a legitimate letter from our insurance provider. This letter will provide instructions for enrollment in identity and theft protection.
I have several letters delivered to my address that the individual no longer lives here. Was there a search for last known address before mailing?
Yes, the insurance provided support service ran all individuals addresses through the National Change of Address Database. It is important to note for an updated address to be found, it requires that an individual has completed a change of address through the United States Postal Service. Please write “Return to Sender” on the envelope and put it back in the mail.
How Can I Sign Up for Credit Monitoring and Identity Protection Services?
Letters were mailed out to all affected individuals on January 9th. The letters contain instructions and enrollment codes to sign up for these services. If you do not receive a letter, you were most likely not impacted by the data breach. With questions about monitoring services, please call IDX Incident Response number – 1-877-719-9674 between the hours of 6:00 AM to 6:00 PM Pacific Time, Monday – Friday, excluding holidays.
The support center said I have to have a separate email account for each of the individuals affected that I want to sign up for. Is that correct?
That is correct. If a parent does not wish to create an email account for their child there is the option to register via our call center (1-877-719-9674) and set up an offline account with an agent. This would result in all alerts being mailed to the impacted person rather than an email sent.
What Happened?
On September 20, 2024, Granite became aware of suspicious activity on its network. The District took appropriate steps to contain the incident and launched an investigation to determine the nature and scope of the activity. The investigation determined that between September 11 and September 25, 2024, an unknown, unauthorized actor gained access to certain computer systems and acquired files stored on those computer systems.
What Information Was Involved?
Employee and student information was stored on the impacted computer systems. Individuals will be contacted directly by our insurance provider with more detailed information about what personal identifiable information was compromised.
What Are We Doing About It?
Data privacy and security are among Granite’s highest priorities, and we have measures in place to protect information in our care. Our response to this incident included:
- Confirming the security of our systems.
- Determining what data was potentially accessed or acquired.
- Reviewing the contents of relevant data for sensitive information.
- Identifying appropriate contact information to notify individuals associated with that sensitive information.
As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our policies, procedures, and processes related to the storage and access of personal information to reduce the likelihood of a similar future event. We have also notified and are working with requisite state regulatory authorities and law enforcement of this incident.
Example of Letters for Minor Students
Use translation feature above if needed.
Example of letter if social was compromised.
P.O. Box 989728
West Sacramento, CA 95798-9728
Parent or Guardian of <<First Name>> <<Last Name>>
<<Address1>>
<<Address2>>
<<City>>, <<State>> <<Zip>>
<<Country>>
Enrollment Code: <<ENROLLMENT>>
To Enroll, Scan the QR Code Below:
Or Visit:
https://response.idx.us/graniteschooldistrict
January 8, 2025
NOTICE OF <<SECURITY INCIDENT / DATA BREACH>>
Dear Parent or Guardian of <<First Name>> <<Last Name>>:
Granite School District (“Granite”) writes to notify you of an incident that may affect the privacy of some of your minor’s information. This letter provides details of the incident, our response, and resources available to you to help protect your minor’s information from possible misuse, should you feel it is appropriate to do so.
What Happened? On September 20, 2024, Granite became aware of suspicious activity on its network. Granite took steps to contain the incident and launched an investigation to determine the nature and scope of the activity. The investigation determined that between September 11 and September 25, 2024, an unknown, unauthorized actor gained access to certain computer systems and accessed and/or acquired files stored on those computer systems.
What Information Was Involved? The information stored on the impacted computer systems potentially includes your minor’s name, address, phone number, Social Security number, grades, health information and assessment results. At this time, we have no indication that your information was subject to actual or attempted misuse as a result of this incident.
What We Are Doing. Data privacy and security are among Granite’s highest priorities, and we have measures in place to protect information in our care. Our response to this incident included confirming the security of our systems, determining what data was potentially accessed or acquired, reviewing the contents of relevant data for sensitive information, and identifying appropriate contact information to notify individuals associated with that sensitive information. As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our policies, procedures, and processes related to the storage and access of personal information to reduce the likelihood of a similar future event. We also notified requisite state regulatory authorities and law enforcement of this incident.
As an added precaution, we are also offering <<12/24 months>>of complementary access to credit monitoring services through IDX. Individuals who wish to receive these services must enroll by following the attached enrollment instructions.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your minor’s account statements and monitoring your minor’s free credit reports for suspicious activity. You may also review the information contained in the attached Steps You Can Take to Help Protect Your Minor’s Information. There you will also find more information regarding the complimentary credit monitoring services we are making available to your minor. While Granite will cover the cost of these services, you will need to enroll your minor in the services we
are offering, if you would like to do so.
For More Information. We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please call our dedicated assistance line at 1-877-719-9674 between the hours of 6:00 AM to 6:00 PM Pacific Time, Monday through Friday, excluding holidays. You may also write to Granite at
2500 South State Street, Salt Lake City, Utah 84115-3110.
Sincerely,
Granite School District
STEPS YOU CAN TAKE TO PROTECT YOUR MINOR’S INFORMATION
Enroll in Monitoring Services
In response to the incident, we are providing you with access to Single Bureau Credit Monitoring services, however, the following instructions must be followed to receive these services.
1. Website and Enrollment. Scan the QR image or go to https://response.idx.us/graniteschooldistrict and follow the instructions for enrollment using your Enrollment Code provided at the top of the letter.
2. Activate the credit monitoring provided as part of your IDX identity protection membership. The monitoring included in the membership must be activated to be effective. Note: You must have established credit and access to a computer and the internet to use this service. If you need assistance, IDX will be able to assist you.
3. Telephone. Contact IDX at 1-877-719-9674 to gain additional information about this event.
Monitor Your Minor’s Accounts
Typically, credit reporting agencies do not have a credit report in a minor’s name. To find out if your minor has a credit report or to request a manual search for your minor’s Social Security number, each credit bureau has its own process. To learn more about these processes or request these services, you may contact the credit bureaus by phone, writing, or online:
Equifax | Experian | TransUnion |
---|---|---|
https://www.equifax.com/personal/credit-report-services/ | https://www.experian.com/help/minor-request.html | https://www.transunion.com/fraud-victim-resources/child-identity-theft |
1-800-685-1111 | 1-888-397-3742 | 1-800-916-8800 |
P.O. Box 105788 Atlanta, GA 30348-5788 | P.O. Box 9554 Allen, TX 75013 | P.O. Box 2000 Chester, PA 19016 |
Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-3228228. You may also contact the three major credit bureaus directly to request a free copy of your minor’s credit report, should your they have established credit. You may wish to stagger your requests so that you receive a free report from one of the three credit bureaus every four months.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If your minor is a victim of identity theft, your minor is entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed above.
Adults and minors, sixteen years or older, have the right to place a “credit freeze” on a credit report, which will prohibit a consumer reporting agency from releasing information in the credit report without express authorization. A parent or guardian also has the right to place a “credit freeze” on a minor’s credit report if the child is under the age of sixteen. This right includes proactively placing a “credit freeze” on a minor’s credit report if the minor is under sixteen years old. If the nationwide credit reporting agencies do not have a credit file on the minor, they will create one so they can freeze it. This record cannot be used for credit purposes. It is there to make sure the minor’s record is frozen and protected against potential identity theft and fraud. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on a credit report. Should you wish to place a credit freeze on a credit file or proactively place a freeze on a minor’s credit report, please contact the major consumer reporting agencies listed above.
To request information about the existence of a credit file in your minor’s name, search for your minor’s Social Security number, please a credit freeze on your minor’s credit file, place a fraud alert on your minor’s credit report (if on exists), or request a copy of your minor’s credit report, you may be required to provide the following information:
- A copy of your driver’s license or another government-issued identification card, such as a state ID card, etc.
- Proof of your address, such as a copy of a bank statement, utility bill, insurance statement, etc.
- A copy of your minor’s birth certificate.
- A copy of your minor’s Social Security card.
- Your minor’s full name, including middle initial and generation (e.g., JR, SR, II, III, etc.).
- Your minor’s date of birth.
- Previous address(es) for the past two years.
Should you wish to place a credit freeze, please contact the three major credit reporting bureaus listed above.
Additional Information
Consumers may further educate themselves regarding identity theft, fraud alerts, credit freezes, and the steps they can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or their state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Consumers can obtain further information on how to file such a complaint by way of the contact information listed above. Consumers have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, consumers will likely need to provide some proof that they have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and the relevant state Attorney General. This notice has not been delayed by law enforcement.
For District of Columbia residents, the District of Columbia Attorney General may be contacted at: 400 6th Street, NW, Washington, D.C. 20001; (202) 442-9828; and oag.dc.gov.
For Maryland residents, the Maryland Attorney General may be contacted at: 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; 1-410-576-6300 or 1-888-743-0023; and https://www.marylandattorneygeneral.gov/.
For New Mexico residents, consumers have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in their credit file has been used against them, the right to know what is in their credit file, the right to ask for their credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting bureaus must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to consumers’ files is limited; consumers must give consent for credit reports to be provided to employers; consumers may limit “prescreened” offers of credit and insurance based on information in their credit report; and consumers may seek damages from violators. Consumers may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active-duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage consumers to review their rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.
For New York residents, the New York Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; or https://ag.ny.gov.
For North Carolina residents, the North Carolina Attorney General may be contacted at: 9001 Mail Service Center, Raleigh, NC 27699-9001; 1-877-566-7226 or 1-919-716-6000; and www.ncdoj.gov.
For Rhode Island residents, the Rhode Island Attorney General may be reached at: 150 South Main Street, Providence, RI 02903; www.riag.ri.gov; and 1-401-274-4400. Under Rhode Island law, individuals have the right to obtain any police report filed in regard to this event. There are approximately 0 Rhode Island residents that may be impacted by this event.
Example of letter if social was not compromised.
P.O. Box 989728
West Sacramento, CA 95798-9728
Parent or Guardian of <<First Name>> <<Last Name>>
<<Address1>>
<<Address2>>
<<City>>, <<State>> <<Zip>>
<<Country>>
Enrollment Code: <<ENROLLMENT>>
To Enroll, Scan the QR Code Below:
Or Visit:
https://response.idx.us/graniteschooldistrict
January 8, 2025
NOTICE OF <<SECURITY INCIDENT / DATA BREACH>>
Dear Parent or Guardian of <<First Name>> <<Last Name>>:
Granite School District (“Granite”) writes to notify you of an incident that may affect the privacy of some of your minor’s information. This letter provides details of the incident, our response, and resources available to you to help protect your minor’s information from possible misuse, should you feel it is appropriate to do so.
What Happened? On September 20, 2024, Granite became aware of suspicious activity on its network. Granite took steps to contain the incident and launched an investigation to determine the nature and scope of the activity. The investigation determined that between September 11 and September 25, 2024, an unknown, unauthorized actor gained access to certain computer systems and accessed and/or acquired files stored on those computer systems.
What Information Was Involved? The information stored on the impacted computer systems potentially includes your minor’s name, address, phone number, grades, health information and assessment results. At this time, we have no indication that your information was subject to actual or attempted misuse as a result of this incident.
What We Are Doing. Data privacy and security are among Granite’s highest priorities, and we have measures in place to protect information in our care. Our response to this incident included confirming the security of our systems, determining what data was potentially accessed or acquired, reviewing the contents of relevant data for sensitive information, and identifying appropriate contact information to notify individuals associated with that sensitive information. As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our policies, procedures, and processes related to the storage and access of personal information to reduce the likelihood of a similar future event. We also notified requisite state regulatory authorities and law enforcement of this incident.
As an added precaution, we are also offering <<12/24 months>>of complementary access to credit monitoring services through IDX. Individuals who wish to receive these services must enroll by following the attached enrollment instructions.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your minor’s account statements and monitoring your minor’s free credit reports for suspicious activity. You may also review the information contained in the attached Steps You Can Take to Help Protect Your Minor’s Information. There you will also find more information regarding the complimentary credit monitoring services we are making available to your minor. While Granite will cover the cost of these services, you will need to enroll your minor in the services we
are offering, if you would like to do so.
For More Information. We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please call our dedicated assistance line at 1-877-719-9674 between the hours of 6:00 AM to 6:00 PM Pacific Time, Monday through Friday, excluding holidays. You may also write to Granite at
2500 South State Street, Salt Lake City, Utah 84115-3110.
Sincerely,
Granite School District
STEPS YOU CAN TAKE TO PROTECT YOUR MINOR’S INFORMATION
Enroll in Monitoring Services
In response to the incident, we are providing you with access to Single Bureau Credit Monitoring services, however, the following instructions must be followed to receive these services.
1. Website and Enrollment. Scan the QR image or go to https://response.idx.us/graniteschooldistrict and follow the instructions for enrollment using your Enrollment Code provided at the top of the letter.
2. Activate the credit monitoring provided as part of your IDX identity protection membership. The monitoring included in the membership must be activated to be effective. Note: You must have established credit and access to a computer and the internet to use this service. If you need assistance, IDX will be able to assist you.
3. Telephone. Contact IDX at 1-877-719-9674 to gain additional information about this event.
Monitor Your Minor’s Accounts
Typically, credit reporting agencies do not have a credit report in a minor’s name. To find out if your minor has a credit report or to request a manual search for your minor’s Social Security number, each credit bureau has its own process. To learn more about these processes or request these services, you may contact the credit bureaus by phone, writing, or online:
Equifax | Experian | TransUnion |
---|---|---|
https://www.equifax.com/personal/credit-report-services/ | https://www.experian.com/help/minor-request.html | https://www.transunion.com/fraud-victim-resources/child-identity-theft |
1-800-685-1111 | 1-888-397-3742 | 1-800-916-8800 |
P.O. Box 105788 Atlanta, GA 30348-5788 | P.O. Box 9554 Allen, TX 75013 | P.O. Box 2000 Chester, PA 19016 |
Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-3228228. You may also contact the three major credit bureaus directly to request a free copy of your minor’s credit report, should your they have established credit. You may wish to stagger your requests so that you receive a free report from one of the three credit bureaus every four months.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If your minor is a victim of identity theft, your minor is entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed above.
Adults and minors, sixteen years or older, have the right to place a “credit freeze” on a credit report, which will prohibit a consumer reporting agency from releasing information in the credit report without express authorization. A parent or guardian also has the right to place a “credit freeze” on a minor’s credit report if the child is under the age of sixteen. This right includes proactively placing a “credit freeze” on a minor’s credit report if the minor is under sixteen years old. If the nationwide credit reporting agencies do not have a credit file on the minor, they will create one so they can freeze it. This record cannot be used for credit purposes. It is there to make sure the minor’s record is frozen and protected against potential identity theft and fraud. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on a credit report. Should you wish to place a credit freeze on a credit file or proactively place a freeze on a minor’s credit report, please contact the major consumer reporting agencies listed above.
To request information about the existence of a credit file in your minor’s name, search for your minor’s Social Security number, please a credit freeze on your minor’s credit file, place a fraud alert on your minor’s credit report (if on exists), or request a copy of your minor’s credit report, you may be required to provide the following information:
- A copy of your driver’s license or another government-issued identification card, such as a state ID card, etc.
- Proof of your address, such as a copy of a bank statement, utility bill, insurance statement, etc.
- A copy of your minor’s birth certificate.
- A copy of your minor’s Social Security card.
- Your minor’s full name, including middle initial and generation (e.g., JR, SR, II, III, etc.).
- Your minor’s date of birth.
- Previous address(es) for the past two years.
Should you wish to place a credit freeze, please contact the three major credit reporting bureaus listed above.
Additional Information
Consumers may further educate themselves regarding identity theft, fraud alerts, credit freezes, and the steps they can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or their state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Consumers can obtain further information on how to file such a complaint by way of the contact information listed above. Consumers have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, consumers will likely need to provide some proof that they have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and the relevant state Attorney General. This notice has not been delayed by law enforcement.
For District of Columbia residents, the District of Columbia Attorney General may be contacted at: 400 6th Street, NW, Washington, D.C. 20001; (202) 442-9828; and oag.dc.gov.
For Maryland residents, the Maryland Attorney General may be contacted at: 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; 1-410-576-6300 or 1-888-743-0023; and https://www.marylandattorneygeneral.gov/.
For New Mexico residents, consumers have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in their credit file has been used against them, the right to know what is in their credit file, the right to ask for their credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting bureaus must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to consumers’ files is limited; consumers must give consent for credit reports to be provided to employers; consumers may limit “prescreened” offers of credit and insurance based on information in their credit report; and consumers may seek damages from violators. Consumers may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active-duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage consumers to review their rights pursuant to the Fair Credit Reporting Act by visiting www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.
For New York residents, the New York Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; or https://ag.ny.gov.
For North Carolina residents, the North Carolina Attorney General may be contacted at: 9001 Mail Service Center, Raleigh, NC 27699-9001; 1-877-566-7226 or 1-919-716-6000; and www.ncdoj.gov.
For Rhode Island residents, the Rhode Island Attorney General may be reached at: 150 South Main Street, Providence, RI 02903; www.riag.ri.gov; and 1-401-274-4400. Under Rhode Island law, individuals have the right to obtain any police report filed in regard to this event. There are approximately 0 Rhode Island residents that may be impacted by this event.
Frequently Asked Questions
Parents and Students
What information was accessed?
The data accessed varies some by the student and the time frame they attended Granite School District. We can confirm student’s personal identifiable information,(PII) was compromised. PII is part of a student record, which can contain:
- Name
- Address and phone number
- Any associated health information
- Grades and assessment results
You will receive a personalized letter detailing what information was accessed from IDX. That letter will be sent January 9, 2025.
Which students had information compromised?
Unfortunately, all student records were accessed. This includes all current and former Granite School District students.
What about my child’s social security number?
We have determined that 15% of current and former students had records containing their social security number that was accessed. Your individualized letter will confirm what personal information was compromised.
When will I get information about credit monitoring services?
We have been working with our cybersecurity insurance to provide data breach response services and set up a support center that will provide our students affected (with parental support) with mailing notification, call center support, and identity theft and credit monitoring enrollment. We expect the mailing with specific information to go out on January 9, 2025.
What can I do now to protect my student’s information?
Please click here for instructions on contacting credit bureaus to get a credit report or place a fraud alert on my credit file.
Employees
Has the district ensured that the threat actors no longer have access to our data?
We worked with a forensic security company to ensure that the threat actors no longer have access to our system. This was completed by September 30, 2024.
I would like confirmation of whether I was a victim of this theft. Or if these emails are a general precaution since I am a GSD employee.
Our investigation thus far has determined that all current employees’ personal identifiable information was stolen.
Have you individually contacted the specific people that this affected or are you just sending blanket updates? Should I take measures to change my bank account?
We sent out initial notification of the breach to all employees in October, with follow up emails sent in November and December after we received confirmation that all current employees were impacted. You should take the recommended actions and precautions previously sent.
If my financial institution recommends I change my account, do I need to do anything with my direct deposit?
Yes, once it is changed, we need you to provide this completed form linked here to Payroll in person as soon as possible.
Will free credit monitoring and identity theft be provided to employees? If so, how long?
Yes. We are working with our insurance company to determine the length of time coverage will be provided. More detailed information will be mailed to you on January 9, 2025.
Does this breach include the SSN’s of employee dependents on our insurance as well?
Our data mining investigation thus far discovered that payroll information had been stolen. That information show no indication that any family members’ information was part of the data breach.
What is the District doing to help employees who may have identity theft before they can take steps to protect themselves?
The breach took place in September 2024. We notified employees on October 18, 2024 in order for you to take all appropriate protective actions to secure your identity, such as:
– Placing an alert or freeze on your credit
– Contacting your financial institution for recommendations
– Consider enrolling in the district provided credit monitoring services, when available
What do I do if my personally identifiable information is also compromised?
We encourage employees to enroll in Identity theft and credit monitoring. These services are used to prevent a threat actor from being able to use your identity in harmful ways.
What if I already was looking into my credit for something totally unrelated and you are only allowed to check 1 time for free per year, how will this affect that since checking into this current GSD situation would be twice in one year?
Please work with your financial institution to determine if this would negatively impact you. Credit monitoring services provided will allow for constant monitoring and immediate notification for any change to your credit.
Have you all explored how having a VPN for our district’s network could assist with security?
We do use and have a VPN solution that we employ. It is used if a user needs to access school district resources when they are off-premises. Due to the way our network environment is constructed, we do not employ VPN’s internally at this time. We are also re-evaluating our network to see if instituting additional security measures, like the use of VPNs, will bolster our security.
I recently updated my banking information with payroll for reasons unrelated to the data breach (new employee, changed banks, etc.). Is my new banking information safe?
The district is confident that the threat actors were no longer in our system as of October 1, 2024. The information of any new employees who set up payroll for the first time after that date, or current employees who updated their banking information for unrelated reasons after that date, should be secure. Any banking information provided to the district before October 1st was likely compromised.
What are the steps I can take to protect myself?
Please contact your financial institution to ask what they recommend. We encourage you to follow their advice.
When will credit monitoring be available? And how will we be able to sign up for it?
We are offering complimentary access to credit monitoring services through IDX, a ZeroFox company. If you have been impacted, you will be contacted by them with specific information about those services as soon as it is available. In the meantime, please click here for instructions on contacting credit bureaus to get a credit report or place a fraud alert on my credit file.
Are we going to be given the opportunity to add identity protection to our benefit package even though open enrollment is closed?
Through our insurance provider, free identity protection services will be offered to employees. Information about this will be emailed out as soon as possible. We will evaluate the need for additional services for our employees in the future.
Last May, I changed my direct deposit to a new checking account, however the old checking account I still use. I am getting the new account changed, my question is should I get both of them changed?
Yes, both accounts were likely compromised and you should follow your financial institution’s advice related to both accounts.
Can I request a paper check and/or opt-out of direct deposit?
No. Granite School District’s Board previously made the decision to have GSD a mandatory direct deposit employer.
How far back does the breach go so former employees can also take the necessary actions?
We have determined that employees’ bank account numbers were compromised back to 7/1/2020. There may be other employees who had additional personally identifiable information (not bank accounts) compromised back further, we are still in the process of determining the extent of that information. No employee’s family members’ personally identifiable information (PII) was compromised as part of this payroll information breach.
How are former employees being notified?
We are still data mining to determine which former employees have been impacted along with verifying the addresses of all former employees so they receive notification. If current employees know former employees who were employed after 7/1/2020 but are no longer with Granite, please help alert them to the district information link and this FAQ.
Will there be compensation for employees who received the recommendation from their financial institution that they change their bank account number?
We recognize and regret the burden this has put on employees. Unfortunately, our cybersecurity insurance does not cover compensation for time. To provide this, we would have to reduce funding in other budgeted areas since it is not provided in our coverage. We had allowed for appropriate time off to address these issues prior to the holiday break.
For teachers that enrolled in the Granite provided benefit on identity protection, will this be now paid/reimbursed/not charged?
Our cybersecurity insurance company follows its practice and procedure to set up identity protection under one of the providers they select. To provide this, we would have to reduce funding in other budgeted areas since it is not provided in our coverage.
Enroll in identity theft and credit protection
We are offering complimentary access to credit monitoring services through IDX, a ZeroFox company. If you have been impacted, you will be contacted by them with specific information about those services as soon as it is available.
Questions?
Please send any questions to CustomerService@graniteschools.org. Granite will reply as soon as possible, and common questions will be added to this FAQ page.