Tag Archive for: school

The Tragic Fallout From a School District’s Ransomware Breach

/in


Ransomware gangs have long sought pain points where their extortion demands have the greatest leverage. Now an investigation from NBC News has made clear what that merciless business model looks like when it targets kids: One ransomware group’s giant leak of sensitive files from the Minneapolis school system exposes thousands of children at their most vulnerable, complete with behavioral and psychological reports on individual students and highly sensitive documentation of cases where they’ve allegedly been abused by teachers and staff.

We’ll get to that. But first, WIRED contributor Kim Zetter broke the news this week that the Russian hackers who carried out the notorious SolarWinds espionage operation were detected in the US Department of Justice’s network six months earlier than previously reported—but the DOJ didn’t realize the full scale of the hacking campaign that would later be revealed. 

Meanwhile, WIRED reporter Lily Hay Newman was at the RSA cybersecurity conference in San Francisco, where she brought us stories of how security researchers disrupted the operators of the Gootloader malware who sold access to victims’ networks to ransomware groups and other cybercriminals, and how Google Cloud partnered with Intel to hunt for and fix serious security vulnerabilities that underlie critical cloud servers. She also captured a warning in a talk from NSA cybersecurity director Rob Joyce, who told the cybersecurity industry to “buckle up” and prepare for big changes to come from AI tools like ChatGPT, which will no doubt be wielded by both attackers and defenders alike.

View more

On that same looming AI issue, we looked at how the deepfakes enabled by tools like ChatGPT, Midjourney, DALL-E, and StableDiffusion will have far-reaching political consequences. We examined a newly introduced US bill that would ban kids under the age of 13 from joining social media. We tried out the new feature in Google’s Authenticator App that allows you to back up your two-factor codes to a Google account in case you lose your 2FA device. And we opined—well, ranted—on the ever-growing sprawl of silly names that the cybersecurity industry gives to hacker groups.

But that’s not all. Each…

Source…

Social security numbers exposed in N.J. school district data breach

/in


The social security numbers of Bridgewater-Raritan school district employees were exposed when someone hacked into the district’s computer system in December, officials said.

In addition to social security numbers, an “unauthorized actor” had access to insurance enrollment information for employees s and “other individuals,” the Somerset County district said in a statement.

The district didn’t say how many employees were affected by the computer breach, which took place between Dec. 10 and Dec. 12.

District officials learned of the breach Dec. 12 when they noticed “suspicious” activity on the computer network.

The school district sent letters to the affected employees Jan. 27 and offered them free membership to identity monitoring services.

Anyone impacted with questions can call a call center at 877-869-4553 from 9 a.m. to 9 p.m., Monday through Friday.

The school district “takes privacy and confidentiality very seriously and continues to take steps to enhance the security of its computer systems and the data it maintains,” Bridgewater-Raritan school officials said in a statement.

Bridgewater police and district officials couldn’t immediately provide additional information.

Our journalism needs your support. Please subscribe today to NJ.com.

Jeff Goldman may be reached at [email protected].

Source…

Ransomware attack costs school board more than $300K

/in


Huron-Superior Catholic District School Board is projecting a deficit due to cyberattack; board also doling out cash for credit monitoring, cybersecurity measures

SAULT STE. MARIE — The Huron-Superior Catholic District School Board will operate with a $325,000 deficit for its 2022-2023 budget due to a ransomware attack that crippled the board’s information systems in mid-December and compromised personal information belonging to a number of its employees. 

“This deficit is a result of the cyber incident,” said business superintendent Justin Pino in an email to SooToday Monday. “Before the incident the board was projecting a balanced budget.”  

Additional expenses related to the Dec. 15 cyberattack covered by the board’s cyber insurance are not being disclosed. 

The English Catholic school board is also spending USD $69,212 annually for three years on software from SentinelOne, a California-based cybersecurity company, in order to protect it from potential cyberattacks. 

A two-year credit monitoring service for affected school board employees through TransUnion will run the board $30,000 following the Royal ransomware attack, which resulted in the theft of personal information — including social insurance numbers and banking information — for staff members employed by the board between 2019 and 2022. 

Board officials are not disclosing whether or not the school board paid a ransom to the attackers. 

 

 

 

 

 

 

Source…

Hackers got into L.A. school computers earlier than disclosed

/in


An intrusion into the computer systems of the Los Angeles school district began more than a month earlier than previously disclosed and likely exposed confidential information, including Social Security numbers, of more than 500 people who worked for district contractors, according to information filed with the state.

As the district previously disclosed, the security breach does not appear to extend to the payroll records and Social Security numbers for the tens of thousands of district employees. An undisclosed number of students enrolled at some point from 2013 through 2016 and some employees during that period appear to have lost information that includes their date of birth and address. California school districts don’t collect student Social Security numbers.

The updated information comes by way of a “Notice of Data Breach” that the nation’s second-largest school system was required under state law to send to potential victims.

School district officials Friday did not provide information on the number of possible victims. In addition to having to notify victims, a notice letter must be filed with the state attorney general when the number of those affected surpasses 500 California residents, the mandated threshold for public notification.

District officials had previously stated that there would be a small but not-yet-determined number of victims — “outliers,” as Supt. Alberto Carvalho described them. The victims would be notified and assisted, he added, while emphasizing that the overriding narrative was one of a worse disaster averted.

Hackers made off with about 500 gigabytes of data — a figure agreed on by both the hackers and the school system. That’s a large haul compared with what an individual user would maintain, but a tiny fraction of the data under the control of L.A. Unified.

Stealing data is only one part of an attack. The second part involves encrypting computer systems so that its users cannot get in, paralyzing the ability to conduct everyday business. Hackers managed to encrypt servers in the district’s facilities division, but had limited success elsewhere, even though normal operations, including classroom instruction and…

Source…