Crown Point schools still investigating possible cyber hack – Chicago Tribune

/in


Crown Point Community School Corp. officials say it’s still unclear if personal information was accessed in a possible network breach that forced the cancellation of classes on Nov. 28.

Superintendent Todd Terrill advised staff and student families to monitor financial statements and credit card reports for suspicious and unauthorized activity.

“As previously noted, these investigations can take weeks,” Terrill said in a message to staff and families.

“I know many of you have concerns and have waited patiently for more news. Our team shares those concerns. Although we have not yet determined if any sensitive or personal information is at risk as a result of this event, we are providing you with information about proactive measures you can take to protect your or your child’s information should you feel it is appropriate to do so.”

Terrill said those concerned could place a fraud alert on credit files at no cost for one-year or place a security freeze on credit files which prohibits a consumer reporting agency from releasing information in a credit card report without express authorization.

He said once the investigation is complete, the district will directly notify anyone whose information is affected.

Assistant Crown Point Police Chief Jim Janda said the network outage incident hasn’t been reported to police.

After missing one day, students returned to class Nov. 29 and most everyday activities have resumed.

Last month, officials suspected the network was compromised and brought in a cybersecurity firm to investigate and work with the district’s technology team to restore service.

A year ago, the Duneland School Corp. in Chesterton experienced a computer system hack that exposed personal employee data including Social Security numbers, birth dates and insurance plan information.

The Duneland cyber breach is being investigated by the FBI, a school official said.

The district has updated its system to include two-factor authentication for access to its private network and a phishing email program was added for all users.

Geofencing was added on firewall policies, preventing traffic from outside the U.S. It switched to encrypted backups and added other tools to protect the…

Source…