IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Crown Point Community Schools Confirms Ransomware Attack

A public school district in Indiana confirmed that a staff member fell for a phishing email last November. The ensuing ransom payment, technology updates and legal costs amounted to $1 million.

phishing attack
(TNS) — Crown Point Community Schools was a victim of a ransomware attack last November, according to its Superintendent Todd Terrill.

During Monday's Crown Point school board meeting, Terrill gave a timeline of the cybersecurity breach that occurred last November.

The breach caused the school district to cancel classes for one day.

According to the superintendent, Crown Point schools discovered someone accessed their networks Nov. 21. They later found out someone first gained access to their system Nov. 17.

At first, the school district's technology team found encrypted files on their servers. At that point they took all their systems offline, Terrill said.

The school district then retained a third-party cybersecurity specialist who confirmed the breach was a ransomware attack.

According to Terrill, the attack occurred after a staff member fell for a phishing email.

After getting in contact with the FBI, Homeland Security and the Indiana Department of Education, the school district made contact with the hackers through the third-party specialist.

The payment was finalized just before students went on winter break with it being made with the assistance of a third-party broker, according to the superintendent.

Terrill said that since the ransom was paid, student and staff information was turned over to the school district instead of being sold online. However, they still had to investigate whether any personal information was accessed in the breach.

In January, Crown Point schools started their investigation. Terrill said no financial information was accessed and most documents affected were Word and Excel files. Their investigation lasted until May. At that point, the school district began sending out notifications to those possibly affected. Individuals began receiving letters about the breach in late July.

The superintendent also outlined the steps Crown Point schools have taken to upgrade its technology, which includes required phishing and cybersecurity training for its staff, a new software system, a more secure firewall and requiring stronger passwords from staff and students.

In total, the ransom payment, technology updates and payments to the specialists and legal teams cost the school district $1 million, according to Terrill. He mentioned most if not all of the cost, excluding the ransom payment, would be covered by their insurance.

©2023 The Times (Munster, Ind.). Distributed by Tribune Content Agency, LLC.