Fort Thomas Independent Schools report data breach caused by phishing attack

Fort Thomas Independent Schools in Kentucky is reporting a data breach resulting from a phishing attack that compromised sensitive personal information of students and parents.

The incident was initially identified by the Kentucky Department of Education in December 2024. The breach is caused by asophisticated phishing attack that involved the installation of a malicious application across multiple districts' Microsoft 365 mailboxes.

The attackers gained access to one district email account on November 15, 2024, which was discovered when the Kentucky Department of Education notified the district on December 4, 2024.

The breach affected 910 individuals, with the compromised data spanning records from 2007 to present. The exposed information included:

• Names
• Addresses
• Dates of birth
• Health data
• Social Security numbers
• Insurance policy numbers
• Student injury reports
• Related insurance documents

The school district has removed the malicious application and implemented additional security enhancements. The district has sent direct notifications to affected families and established communication channels for affected individuals to obtain more information.