Hacker Publishes Sensitive Info on US Students After District Officials Refuse to Pay Ransom

A hacker late last week published documents containing Social Security numbers, student grades and other private information from a large public school district in Las Vegas, Nevada, after officials refused to pay a ransom to unlock district computer servers.
Sputnik

According to a Monday report by the Wall Street Journal, which first reported the news, information on around 320,000 students was released from the Clark County School District (CCSD) in Las Vegas. 

The report also notes that hackers have taken advantage of schools’ reliance on online learning and technology during the pandemic. 

“A big difference between this school year and last school year is they didn’t steal data, and this year they do,” Brett Callow, a threat analyst for cybersecurity company Emsisoft, told the Wall Street Journal, also noting that he was easily able to find and access the county’s data through a hacker website.

“If there’s no payment, they publish that stolen data online, and that has happened to multiple districts,” Callow explained.

The hacker sent a warning to school officials on September 14 by releasing nonsensitive district information on their website, Callow explained. However, late last week, the hacker loaded more sensitive information that included employee addresses, retirement paperwork and Social Security numbers, as well as students’ names, grades, addresses and schools attended.

In a statement on Monday, the school district said it is working to determine the “full nature and scope of the incident” and will be “individually notifying affected individuals” as the investigation continues.

“CCSD values openness and transparency and will keep parents, employees and the public informed as new, verified information becomes available,” the statement reads. 

In a previous release on September 9, the district warned that on the morning of August 27, certain CCSD systems were infected with a virus that “prohibited access to certain files.” According to the district, it immediately notified law enforcement and started an investigation which involved collaborating with third-party forensic investigators.

“While the investigation into this incident is ongoing, it was determined that CCSD was the victim of a criminal ransomware attack and is working to restore all systems to secure, full functionality,” the statement added.

The school district also acknowledged the data breach in a September 27 Facebook post.

The CCSD is not the only district to be impacted by hacking during the COVID-19 pandemic. Hartford Public Schools in Connecticut was forced to delay the district’s first day of school earlier this month due to a ransomware attack.

"We have been informed by Metro Hartford Information Services (MHIS), our City of Hartford shared services team that manages our network infrastructure, that the ransomware virus caused an outage of critical systems and the restoration of those systems are not complete," an online message by the school district read, according to NBC News.

According to an investigation by the Journal, US school districts have paid ransoms ranging from $25,000 to more than $250,000 to regain access to their data and systems after an attack.

“The value of doing this has gone up,” Evan Kohlmann, chief innovation officer at cybersecurity firm Flashpoint, told the Journal. “You have all remote employees, all remote students. How do you educate people entirely remotely if your whole system is down? The impact of these attacks have significantly increased.”

The Federal Bureau of Investigation (FBI) does not support paying a ransom in response to a ransomware attack. “Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the FBI explains on its website.

Discuss