(Updated 11/27/24)
Frequently Asked Questions
Based on questions submitted to customerservice@graniteschools.org
Has the district ensured that the threat actors no longer have access to our data?
We worked with a forensic security company to ensure that the threat actors no longer have access to our data.
I would like confirmation of whether I was a victim of this theft. Or if these emails are a general precaution since I am a GSD employee.
Our investigations thus far have determined that all current employees’ information was stolen. We are continuing to data mine to determine all individuals.
Have you individually contacted the specific people that this affected or are you just sending blanket updates? Should I take measures to change my bank account?
Unfortunately, our investigation revealed that what we thought was originally a subset of employees is, in reality, all employees which prompted the email. You should take the recommended actions and precautions outlined. We will continue to investigate and follow up on an individual basis with these same instructions and any additional information as appropriate.
If my financial institution recommends I change my account, do I need to do anything with my direct deposit?
Yes, once it is changed, we need you to provide this completed form linked here to Payroll in person as soon as possible.
What if I have already changed my bank account information?
Please note that, unfortunately, a change in a bank account will delay direct deposit for the pay period. Once it is changed, we need you to provide this completed form linked here to Payroll in person.
Will free credit monitoring and identity theft be provided to employees? If so, how long?
Yes. We are working with our insurance company to determine the length of time coverage will be provided.
Does this breach include the SSN’s of employee dependents on our insurance as well?
Our data mining investigation thus far discovered that payroll information had been stolen. That information did not contain information about dependents or spouses.
Is there any concern that our family members’ information may have been included as well (e.g., if our family is on our district-provided insurance)?
Our data mining efforts show no indication that any family members’ information was part of the data breach. If we uncover anything, we will communicate it promptly.
What is the District doing to help employees who may have identity theft before they can take steps to protect themselves?
We will be working with our insurance company to determine what we can be done in the event an individual falls victim due to circumstances out of their control.
What do I do if my personal identifiable information is also compromised?
Identity theft and credit monitoring is used to prevent a threat actor from being able to use your identity in harmful ways.
Will the district need new printed information from our banks if we change our account information?
We will not need printed information from your bank. We will accept a completed Payroll account change form in person or through interdepartmental mail. That form is found at Intranet – Payroll – Direct Deposit Application.
What if I already was looking into my credit for something totally unrelated and you are only allowed to check 1 time for free per year, how will this affect that since checking into this current GSD situation would be twice in one year?
Please work with your financial institution to determine if this would negatively impact you.
Have you all explored how having a VPN for our district’s network could assist with security?
We do use and have a VPN solution that we employ. It is used if a user needs to access school district resources when they are off-premises. Due to the way our network environment is constructed, we do not employ VPN’s internally at this time. We are also re-evaluating our network to see if instituting additional security measures, like the use of VPNs, will bolster our security.
I recently updated by baking information with payroll for reasons unrelated to the data breach (new employee, changed banks, etc.). Is my new banking information safe?
The district is confident that the threat actors were no longer in our system as of October 1, 2024. The information of any new employees who set up payroll for the first time after that date, or current employees who updated their banking information for unrelated reasons after that date, should be secure. Any banking information provided to the district before October 1st was likely compromised. The District is still working to determine how far back in time the threat actors were able to access.
What are the steps I can take to protect myself?
Please contact your financial institution to ask what they recommend. We encourage you to follow their advice.
When will credit monitoring be available? And how will we be able to sign up for it?
We are currently working with our insurance company to contract credit monitoring and identity theft. It is our hope to have that information out as soon as possible. In the meantime, please click here for instructions on contacting credit bureaus to get a credit report or place a fraud alert on my credit file.
Are there discussions about allowing teachers to leave early tomorrow to get this done or do we need to take a sick day or personal day to get this done? If we have taken all our personal days, is there a discussion of allowing another day to be added?
Recognizing the additional stress, frustration, and time impact this may have for some of our employees, the District will provide time or flexibility to those who need it. Contract employees may have up to a day that can be used before winter recess, December 20th. We ask that they work with their supervisor to determine the best way to coordinate that time while still allowing the school or department to operate. This will be marked as Paid Time Off day on their timecard. For hourly employees, we will be asking supervisors to be flexible with granting time off during hours they may regularly be working so they can take care of what they may need.
Are we going to be given the opportunity to add identity protection to our benefit package even though open enrollment is closed?
Through our insurance provider, free identity protection services will be offered to employees. Information about this will be emailed out as soon as possible.
Last May, I changed my direct deposit to a new checking account, however the old checking account I still use. I am getting the new account changed, my question is should I get both of them changed?
Yes, both accounts were likely compromised and you should follow your financial institution’s advice related to both accounts.
Can I request a paper check and/or opt-out of direct deposit?
No. Granite School District’s Board made the decision to have GSD a mandatory direct deposit employer.