On Jan. 24, Lotus Leaf was alerted by two anonymous sources, both MPS retirees, that they had received a letter from the district. This letter alerted them of a data breach including their full name and SSN, as well as actions to take to prevent further compromising of this data, which made many believe the letter was fake. Thanks to Superintendent Dr. Julie Everly, we were able to confirm on the same night that these letters were credible and sent from Monroe Public Schools.

The letters were reportedly sent due to the “sophisticated cyber-security attack” that occurred in June. It had required a complete restoration of the district’s phone system and software tools, like Outlook, Google, and PowerSchool. The breach also required the assistance of forensic officials, such as the FBI, according to Everly and an article printed in July of 2021 in the Monroe Evening News.

However, retirees were panicked when the letter arrived at their homes without any warning.

Current employees reportedly received an email that told them of the situation and the existence of the letters. However, three of the retirees we spoke to did not receive the email, regardless of Everly saying it was meant to be sent to them as well.

Another cause of concern was that the letters lacked any sign-off from staff members at the Administration Building, as MHS letters would commonly be signed off by Everly. The letter also lacked the MPS header, and the layout and font were different as well.

When asked about this, Everly expressed that when a security breach occurs, the district is required by law to hire a company to send letters and offer free credit services. This is why the letters seemed odd.

“What made it tricky is that when an organization experiences a breach like that, they have to contract with a company to do the letters and offer the service of the credit monitoring. It makes the letter look different, and people are accustomed to the Monroe Public School’s mailings looking a certain way, and we’re really proud of that, so we understand that the letter stating it is from Monroe Public Schools but looking different has caused some concern.”

As a follow-up, Everly stressed that everyone who was impacted should call the toll-free response number on the letter with any questions as to what was leaked and their personal safety.

“We’re encouraging everyone to call [the number]… I called right away because I wanted to make sure that the service that our employees and retirees are getting was very polite, thorough service. I found that they answered all of my questions and they were very kind in the way that if I thought of anything else, to please call them back,” Everly stated.

Everly also explained that the response line should not ask for any personal information beyond confirmation that they received the letter. The only numbers on the letter that should ask for personal information are the free credit services being offered, should recipients choose to use them.

Lastly, Everly expressed the importance of everyone’s individual online safety, even after they’ve enhanced the district’s cybersecurity.

“We’ve been really working with our digital citizenship curriculum and digital citizenship messaging throughout the school district – both with our students and our staff. We have to be careful when we receive emails, messages, and when there are popups that come up when you are surfing the internet. It is very, very critical that everyone involved is very cognizant of what they’re clicking on, very cognizant that they’re not entering personal information… Unfortunately, those are ways that individuals use to get into an organization’s system…”  Everly shared. “There are two sides to it: there’s educating all of your users… the other side is on the equipment side, and the district added many, many features to the already secure equipment just to enhance the security… However, the equipment has to be matched with an awareness of all the users to be very careful… when they see something that looks suspicious. ”