Hacked Georgia school district thwarts attempt to steal payroll funds

Thanks to two-factor authentication, school officials were notified of an unauthorized transfer attempt and no money was lost, a spokesman said.
laptop and smartphone
Getty Images

Two-factor authentication frustrated an attempt to steal nearly $2 million in payroll funds from the Thomas County School System in southern Georgia, according to district officials.

Hackers gained unauthorized access to a district computer storing private banking information around Feb. 7 that included the names, ID numbers, and bank account and routing numbers of district employees, according to a breach notice published by the district on Tuesday.

“This was a targeted attack,” Dusty Kornegay, the K-12 district’s public relations officer, told EdScoop.

The district’s investigation has revealed the hackers sought to infiltrate the district’s banking system to transfer money from the district’s payroll accounts to their own accounts, but the district’s security protocols put a stop to the activity before any money was transferred.


Kornegay said the school district requires a second form of authentication before funds can be transferred, so when the district’s bank received a suspicious, automated clearing house transfer request, it checked with the school system before processing the request. As a result, no funds were lost, he said.

According to the district’s breach notification, shortly after learning of the intrusion, BlueVoyant, a global cybersecurity defense firm, was hired to investigate the attack and implement software to prevent future incidents.

The Thomas County School System holds a cybersecurity insurance policy, which is helping to cover forensic and legal costs, Kornegay said.

School employees were notified of the attack on Monday and urged to monitor their bank accounts for potential fraudulent activity.

The scope of the incident is still being investigated, but the district says no Social Security numbers or passwords to employee accounts were accessed by the hackers.


The district states in its breach notification that it is committed to enhancing its overall security architecture and that “protecting the security of our employees’ personal information is a top priority.”

Betsy Foresman

Written by Betsy Foresman

Betsy Foresman was an education reporter for EdScoop from 2018 through early 2021, where she wrote about the virtues and challenges of innovative technology solutions used in higher education and K-12 spaces. Foresman also covered local government IT for StateScoop, on occasion. Foresman graduated from Texas Christian University in 2018 — go Frogs! — with a BA in journalism and psychology. During her senior year, she worked as an intern at the Center for Strategic and International Studies in Washington, D.C., and moved back to the capital after completing her degree because, like Shrek, she feels most at home in the swamp. Foresman previously worked at Scoop News Group as an editorial fellow.

Latest Podcasts