THOMASVILLE — An investigation shows the breach in the Thomas County School District online banking system might have begun in early February and continued for several days.

"It came in on a virus on a computer. That's how they were able to get into our online banking system," said Joey Holland, school district deputy superintendent for finance.

"The virus could have come from anywhere," said Superintendent Dr. Lisa Williams.

The early investigation by BlueVoyant, a New York forensic cyber company, pointed to Miami, Florida, as the location where the breach originated. 

"It could have happened anywhere in the world," Williams said.

The breach was an effort to move $2 million from the payroll account to perpetrators, but they did not get the money. It is not known now how much of employees' banking information was obtained.

"We know it was available in the area they were in when they tried to get money from the school system," Holland said.

Holland said the perpetrators are "high-level criminals looking for big payoffs."

Culprits compromised an account that made it possible to pick out employees' passwords, said Wes Davis, school system technology director.

BlueVoyant is scanning school system computers to look for viruses or any potential openings for viruses.

"This type of virus is very hard to defend against," Davis said.

 Davis said that the viruses are changed hourly by the criminals.

The system's anti-virus system detected the virus, but the extent of damage is not known, he added.

Holland went to local banks to alert them about the problem if employees have accounts at the financial institutions. 

"All the banks were willing to help our employees," he said.

Davis is checking his bank account several times daily.

Holland said the school system's bank, Thomasville National Bank, has an internal procedure that requires a second level of authentication that resulted in the money not being sent to the criminals.

Williams said the breaches are becoming more prevalent in K-12 public school systems nationwide.

Culprits operate worldwide in the dark web using false IP addresses, Davis said.

It is highly unlikely the perpetrators responsible for the Thomas County School District breach will be caught, he added. 

Senior reporter Patti Dozier can be reached at (229) 226-2400, ext. 1820