The incident is still being investigated by the district and the teams its insurance provider has brought in, so only limited information can be shared publicly, Olympia superintendent Laura O'Donnell said.
The district learned about the incident on Feb. 26. The district's network director was made aware of it early that morning and went to the office to start mitigating damage, said Sean Mullins, director of instructional technology.
"His quick work there probably did a lot to help things in the long run," Mullins said.
Feb. 26 was a Sunday and the district was not entirely sure where access to systems stood by that evening, so it used a remote learning day on Feb. 27. The district emailed parents both days to inform them about what it could share at that point.
The district is still determining exactly what was accessed. However, the district's Skyward system and Google Drive system do not appear to have been impacted, O'Donnell said.
The district had implemented multifactor authentication over the past year, which seems to have helped mitigate the potential damage.
"That really saved our current Google Drive and those files," O'Donnell said. "(...)It could have been a lot worse than it seems to have been."
The district's general insurance provider had required the shift to avoid a large hike in premium rates, she said. Other area districts have also seen cybersecurity insurance costs going up.
"It was really the time to do it," Mullins said of multifactor authentication. "(...) It was very good timing in that regard."
Working with the cybersecurity provider has helped district staff gain a better understanding of what they need to be looking at, he said.
"This is a time where not only is everybody on board to start making these changes and going in this direction, but also there is a lot of outside confirmation (of these practices)," Mullins said.
The district wants to avoid sharing any incorrect information, including information about what files or systems were or were not affected, but hopes to update families next week, around one month after the initial incident.
©2023 The Pantagraph (Bloomington, Ill.). Distributed by Tribune Content Agency, LLC.
