IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Over 21,000 Victims Fear Theft After San Benito Schools Hack

Two months after a cyber extortion group hacked San Benito Consolidated Independent School District's network and stole confidential information, impacted families are seeing their data on the dark web.

Concept image of a hacker stealing a person's identity.
(TNS) — Like thousands of residents here, Ida Rodriguez is concerned a cyber attack on the San Benito school district's technology network could lead to the theft of her savings.

On Dec. 30, district officials mailed out more than 21,653 letters to employees and former employees along with students and former students.

Now, officials believe the victims' stolen information lies within the hackers' website inside the so-called dark web.

Last week, Rodriguez, a former district assistant principal, received a letter warning her confidential information was stolen in the cybersecurity breach discovered around Nov. 1.

"They can take your life's savings," Rodriguez, who retired in 2016, said Tuesday during an interview. "They have your Social Security number, they have your bank account. The damage is done. I'm just concerned for the community in general. People are complaining they weren't notified on time. Someone really dropped the ball. What a mess."

Like many residents, Raul Garcia, a former maintenance worker who retired about 20 years ago, received a letter addressed to another victim, Diana Garcia, his wife, said.

"Oh my God, I hope my husband's information isn't out there," she said. "You're looking at people's retirement. It's concerning to us. That's personal information that should be kept private. This is a disaster. Everybody's scared — especially people retired and getting benefits."


As part of an investigation, Cameron County District Attorney Luis Saenz has confirmed Karakurt, a data cyber extortion group, performed "a really sophisticated hack" to breach the district's security system.

On a government website, the FBI and the Cybersecurity and Infrastructure Security Agency warn Karakurt places its stolen personal information on the dark web, where the group makes it openly available.

A former district employee, who asked that his name not be used, said he has seen his phone number along with his children's and wife's personal information in the dark web.

About two months ago, he began receiving texted codes to log into a website, he said.

"I'm in the process of changing my bank account information," he said. "The kids — forever their information is out there."


For days, Facebook has been buzzing with residents' concerns after many began receiving letters addressed to other victims.

"Has anyone gotten someone else's letter from the data security incident that happened at SBCISD?" John M. Escobar posted. "I know of several people, including us, that their letter ended up somewhere else! This is not good! Someone is messing up bad! This should be of great concern to all of us! We need to bring it up to the administration."

In response, Laura L. Carmona stated she received the wrong letter.

"I got one with someone else's name but my address is in San Marcos!" she posted.

The number of letters mailed to wrong addresses was unclear.

"Seems like a lot of people are getting letters at their addresses but the letters are not theirs!" San Juana Limon posted. "Who messed up here? This is of great concern to all of us! Something has got to be done!


On Tuesday, district spokeswoman Isabel Gonzalez stated officials mailed the letters "to the last known addresses that the district had on file for the involved individuals."

"If the district had no valid address on file, the addresses were identified through the National Change of Address database and other publicly available information," she stated.

Officials are requesting victims who received letters mailed to others return them to district offices.

"If you suspect you may have erroneously received a letter or perhaps received one intended for another individual, we respectfully request that you mark the letter as 'wrong address' and return the letter to the return address," Superintendent Theresa Servellon stated.


A district investigation found the cyber attack occurred before Nov. 1, Servellon stated Friday on the district's website.

"On Nov. 1, 2022, the Texas Education Agency, through the Region One Educational Service Center's Cybersecurity Department, informed San Benito CISD that sophisticated cyber criminals had allegedly gained unauthorized access to the district's servers based upon San Benito CISD's name appearing as a victim on the cyber criminals' website on the dark web," she stated

"The district immediately initiated its incident response plan and engaged outside cybersecurity experts to assist in its response and conduct an investigation," she stated.

From Nov. 4 to Dec. 16, the district conducted an investigation which found "an unauthorized party gained access to the district's network and took certain files from the district's servers prior to Nov. 1," she stated.


Then, officials began trying to identify employees and students whose personal information was stolen.

"During this time, our technology department conducted a thorough and exhaustive review of those involved files to identify each person, the information specific to each person included and to locate each person's contact information to notify them of the incident," Servellon stated. "In addition, the district developed bilingual notification letters and established a dedicated helpline where involved individuals can call to ask questions about the incident."

On Dec. 30, officials mailed out 21,653 letters to victims' last-known addresses, with 12,080 letters sent to children, including "additional information about the incident and specific instructions for activating the free, one-year membership to identity monitoring services offered by the district through Experian," Servellon stated.

"San Benito CISD remains committed to protecting the confidentiality and security of the personal information it maintains," she stated. "To help prevent another incident from occurring, the district has worked with outside experts who have advised on enhanced security measures which the district has implemented to further strengthen the security of its network."

©2023 Valley Morning Star (Harlingen, Texas). Distributed by Tribune Content Agency, LLC.