A hacker has released a cache of private information of students and employees that was stored by a Las Vegas school district after officials allegedly refused to provide them with the requested ransom, according to a report.
Clark County School District first announced it had experienced a “data security incident” on Aug. 27, 2020, when “certain CCSD systems became infected with a virus that prohibited access to certain files,” the district said. Weeks later, the hacker published information that was held by the district, including addresses, employees’ social security numbers, and students’ birthdates and grades, The Wall Street Journal reported on Monday.
In response to the national reports, CCSD said later that day that it “is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement.”
“The District is unable to verify many of the claims in the media reports,” states a memo on CCSD’s website. “As the investigation continues, CCSD will be individually notifying affected individuals.”
The response, which was shared on the district's Facebook page, received a flurry of criticisms from people who appeared to be concerned about the lack of communication regarding the breach.
"Learning of the specifics of this data breach via Twitter and local/national news outlets instead of from the district itself is a complete failure in transparency and communication on the district’s behalf," one person wrote. "Bad policy, terrible PR."
CCSD is the largest school district in the state with more than 300,000 students, according to Niche.com.
Cybersecurity expert Brett Callow told the Journal the hacker issued a warning to the school district on Sept. 14, when they shared a piece of what appeared to be non-sensitive, but stolen information to the county’s website.
But the hacker later shared an unspecified amount of additional files that contained the more sensitive details, Callow told the Journal, adding that the hacker claimed to have published all the county documents they had obtained.
In an extended statement posted to the school district’s website at the end of August, the CCSD described how the hacker used a virus to infiltrate the system and prohibit access to certain files.
“Upon discovery, CCSD immediately notified law enforcement and began an investigation, which included working with third-party forensic investigators, to determine the full nature and scope of the incident and to secure the CCSD network,” CCSD said in the statement. “While the investigation into this incident is ongoing, it was determined that CCSD was the victim of a criminal ransomware attack and is working to restore all systems to secure, full functionality.”
Early on, the district reported that the breach appeared only to impact current and former employees, according to the Associated Press.
The Federal Bureau of Investigations “does not support paying a ransom in response to a ransomware attack," according to the agency's "Ransomware" webpage.
“Paying a ransom doesn’t guarantee you or your organization will get any data back,” the webpage states. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”
Meanwhile, school officials encouraged anyone in the county to check and monitor their credit reports and call a dedicated helpline – 888-490-0594 – if there are any questions.