Phishing emails to employees at several school districts in Monterey County, California, have exposed Social Security numbers and medical records. A phishing scam targeting Carmel Unified School District in Monterey County, California, exposed documents containing sensitive employee information, the district announced last week.Hackers obtained login credentials to several employee email accounts, according to CUSD, one of which stored employee Social Security numbers, their spouses and dependents Social security numbers, employee marriage certificates, employee dependents birth certificates and doctors notes, some containing medical information.Initial phishing emails were sent in early January at which time administrators became aware that district records had potentially been exposed and notified employees of the breach, said Paul Behan, CUSDs chief technology officer.It was a lengthy and thorough process to go through all the records to see who was potentially affected and exactly which information may have been involved, he told EdScoop in an email. Notices with additional information were sent in March to affected employees.

Source: Click here