Citing an ongoing investigation into the incident, spokesperson Julie Ann Matonis said the district could not provide any additional information on the matter.
"We appreciate the understandable interest our community has in relation to this matter, but cannot provide further detail at this time as we have an active and ongoing investigation," Matonis said in a statement.
After noticing connectivity problems on March 23, AHISD officials announced to district families on March 27 they had resolved the issue and restored district technology systems with the help of external forensic investigators. This meant the external threat no longer had access to the district's network, Matonis said. The district had been successfully walled off from the external intrusion.
"Due to the complexity of these incidents, investigations are labor-intensive and typically take several weeks to complete following restoration," she wrote over email. "We are diligently working to identify the full scope of the information involved."
TO PAY, OR NOT TO PAY?
Former FBI special agent William Odom, who started his career with the federal bureau in New York before transferring to Houston, explained the agency's recommendation.
Paying a ransom does not guarantee an organization will recover its data following a ransomware attack, he said. Hackers have provided incorrect keys to recover data or asked for more money after victims pay the original ransom.
"You're not dealing with a legitimate business or somebody that you can get reliable information from," Odom said. "You're taking a risk."
The co-founder of a technology consulting firm, Orbital Data Consulting, Odom now helps clients respond to incidents like the one in Alamo Heights ISD and protect themselves against cyber attacks. He said it is ultimately up to each victim how they wish to respond to an online attack, given the individual circumstances and how much data hackers compromised.
"It really does become a cost-benefit analysis, and certainly for school districts that have a limited budget, that's part of the issue," he said.
Backing up data and building a cybersecurity plan before an attack occurs gives school districts more strategies to mitigate harm. This could include assessing vulnerabilities in digital networks, auditing which stakeholders should have permissions to technology systems and ensuring proper training for staff members.
"Particularly in this case where it's a ransomware attack, the way that the bad actors find their way in is not as high-tech as most people think," he said.
A staff member could have clicked a link in an email that they thought was "legit," and not seen anything happen in the moment, Odom said.
"A lot of the ransomware that we've seen recently has gotten a bit more complex," he said.
While the number of ransomware attacks across other industries has decreased, they have remained a real and continued threat to school systems, which serve a critical function. They also may not have the levels of security as many other organizations of the same size, like for-profit corporations, Odom explained. This makes school districts vulnerable targets.
CYBERSECURITY IN THE POST-COVID WORLD
Cyber attacks targeting school districts have ramped up since the COVID-19 pandemic.
In 2021, Judson ISD paid hackers over $500,000 to protect sensitive personal information after a month-long attack that compromised personal data and shut down the district's phones, computers and email systems.
Judson ISD Assistant Superintendent of Technology Lacey Gosch spoke to Texas lawmakers in 2023 about the incident, asking for extra state support.
"The topic of ransomware is rarely shared among organizations and is viewed as a scarlet letter or badge of dishonor to technology and security teams," she said in the statement. "I am here to testify that this issue must be discussed openly and provide support to adequately protect, prevent, and mitigate cybersecurity breaches."
Earlier this school year, the Uvalde Consolidated Independent School District canceled classes for part of a week in September 2025 due to an attack.
In September 2019, lawmakers passed Senate Bill 820, mandating districts adopt cybersecurity policies, designate a cybersecurity coordinator and report breaches to the Texas Education Agency.
To support districts as these attacks increase, the TEA launched a K-12 Cybersecurity Initiative in 2023 to help districts increase their preventative measures. The initiative strongly encouraged school systems to implement digital controls, including Multi-Factor Authentication, protections against email phishing and ransomware-detection systems on district servers and devices.
Texas legislators approved an additional $42 million in funding to extend the initiative through August 2027.
Public school systems have been the target of these attacks across the country.
Hackers targeted the Minnesota Department of Education in 2023, and New York City Public Schools has experienced a cybersecurity incident almost every year since 2022, according to the district website.
"Be aware. We tell that to everybody every day," Odom concluded.
© 2026 the San Antonio Express-News. Distributed by Tribune Content Agency, LLC.
