School officials said they thought they were dealing with computer server glitches in early September when the district's Internet, phone and email systems experienced disruptions. Later in the month, signs of a cyber invasion became more evident, but the district declared it had "thwarted" an attack.
Neither was the case.
A data-extortion group known as "Karakurt" has since claimed to have stolen huge amounts of personal data from the district. Last week, the group said it was making the data, including social security and drivers license numbers, available for sale online.
Karakurt set a deadline of Oct. 31 for the Davenport Community School District, DCSD, to meet its ransom demands. District officials said they declined to do so.
While he did not reveal details, school district spokesman Mike Vondran confirmed a ransom demand was made, but the district did not pay. He also elaborated on the timeline of events.
When the district realized it was likely they had, in fact, lost data to a breach, the Iowa Attorney General's Office was notified, as required by Iowa law, Vondran said.
"DCSD determined that it had experienced a network security incident on Sept. 7," he wrote in an email. "However, DCSD did not learn of the impact to personal information until Oct. 10 as a result of work done by independent cybersecurity experts engaged to assist with the response effort.
"DCSD then worked promptly to identify mailing information for all potentially impacted individuals, identify and engage a vendor to provide notification, call center and identity protection services, and mail the notification letters. Unfortunately, that process simply takes time but was completed as quickly as possible."
The notification list included 6,409 people whose personal data may have been compromised.
The district is continuing to work with independent parties to investigate how the breach has and will impact Davenport schools, and Vondran said, they're "working diligently to implement measures to help prevent a similar incidents from occurring in the future.
"The district has been working with independent cybersecurity experts to investigate this incident, conduct an investigation to determine the source and scope thereof, and assist with the implementation of measures to bolster DCSD's security to help prevent a similar incident from occurring in the future."
Because of ongoing investigations, district officials said, they are not able to disclose the expenses, such as legal and technical fees, that have accrued as a result of the attack.
Beginning on Monday, Oct. 24., the district experienced disruptions to email and phone systems, however, all impacted systems have since been restored.
©2022 Quad City Times, Davenport, Iowa. Distributed by Tribune Content Agency, LLC.
