Schools & Education

Phishing Scam Hits Livonia Public Schools: How a Compromised Staff Account Put Students' Personal Data at Risk

By The Livonia Gazette Staff ยท July 17, 2026

Phishing Scam Hits Livonia Public Schools: How a Compromised Staff Account Put Students' Personal Data at Risk

A $300-a-week remote job offer sent from a real Livonia Public Schools staff email address turned a familiar school inbox into a vehicle for a banking scam in early February 2026. The compromised staff account directed students โ€” some as young as 12 โ€” to a Google Form designed to harvest personal and banking information. Because it came from a trusted district address, the pitch carried an authority that a typical phishing attempt never would.

"We always tell them not to click on links in their emails or their text messages or to answer like strange phone calls," said Miranda Grandmason, a Livonia parent who has four children. But this was not the usual suspicious message from an unknown sender. The fraudulent emails went out late in the week before the district learned of the attack. Grandmason spotted the scam that same week, before the district officially knew about it.

The district learned of the cyberattack on the afternoon of Monday, Feb. 2, 2026. Its IT department opened an investigation immediately and removed the fraudulent message from all district accounts.

Six students clicked the link in the phishing email. Whether any of them entered personal or banking information into the form is still unknown. The district has not publicly said how many students received the email, which schools were affected, or what grade levels were targeted. It has identified the compromised account only as a staff account, not specifically a teacher's account.

The incident raises a difficult question for families: Livonia Public Schools requires staff to use multi-factor authentication and strong passwords, and it conducts ongoing phishing training and testing through an outside company. District officials have said firewalls and other measures block hundreds or thousands of phishing attempts each day. Yet an outside source used a staff account to send students a phishing email with an external form built to gather their information โ€” an actual cyberattack, not a district phishing test. The district has not publicly explained how the account was compromised or how multi-factor authentication was bypassed.

Nor has the district publicly announced specific protocol changes, additional safeguards, or consequences tied to the February 2026 breach. It has not said whether it will block outside data-harvesting forms sent from staff accounts or increase monitoring for signs that an account has been compromised.

Until the district determines whether any of the six students who clicked the form submitted information, Livonia families cannot know the full extent of any exposure of personal or banking data. For a scam delivered through a school staff email address, that unanswered question remains at the center of the district's responsibility to the students and families it serves.