Clickability tracking pixel

Connecticut School District Offline After Cyberattack

Public school email and Internet remain offline in Hamden, Conn., as the town addresses a cyberthreat that officials say was likely transmitted through a link in a phishing email, which is a common cause of such issues.

by Clare Dignan, New Have Register / January 17, 2020

(TNS) — Public school email and internet remain offline in Hamden, Conn., as the town addresses a cyber threat.

Superintendent of Schools Jody Goeler said malware “was likely transmitted through a link in a phishing email, which is almost impossible for anti-virus measures to detect.”

Malware is malicious software meant to infect devices and give an attacker control over computer systems.

Fiscal data and student data is stored remotely — not part of the school network — so that data wasn’t affected, Director of Innovation, Technology and Communications Karen Kaplan said.

“For our most critical data, we have no reason to believe anything was compromised in any way,” she said.

The incident only affected staff devices, the superintendent said.

“We currently know of about 30 staff devices that were affected,” Goeler said. “We are not aware of any student devices that were impacted.”

Schools have remained in session since the attack and staff have been allowed to use their devices offline.

The cyberattack hit the schools Thursday of last week and, upon discovering it, Hamden schools administrators immediately disconnected from the internet so no further infections could occur. Goeler said that step limited the damage caused by the malware.

“Although not having internet and email has been challenging, we are pleased to say that our network structures, practices and safeguards protected our most critical data, and thus kept a difficult situation from being much worse,” Goeler said.

The administration also suspended Hamden.org email servers. The administration sent a voice message to parents and posted it on the school website that schools should be contacted by phone and not email until the issue is resolved.

The district still is investigating the extent of the attack and couldn’t say whether it is ransomware, according to Kaplan. But no one belives this was a targeted attack, she said.

“What’s most important to us is we have no reason to believe that any student data was stolen or that any student data was accessed in any way,” Kaplan said. “That we’re almost certain of because we don’t store student data locally. It’s stored in the cloud.”

She said rumors that personal information had been stolen were false because that data isn’t stored on devices.

“We’ll be able to restore data to everyone eventually,” Kaplan said. “It’s not going to be a quick fix because we have to make sure the virus isn’t on any machines. Our goal right now is to restore our critical services, which begins with email, our financial services so bills and staff can get paid, and internet access.”

The schools use many online services, which will be down until the end of next week or longer, Kaplan said, but then schools will be brought back one at a time as each device is individually cleaned.

“We want to be 100 percent confident that nothing is hiding in it,” she said.

The district and school websites continue to operate because they were not affected.

“We are working closely with cybersecurity experts to investigate the malware's presence in our system and restore services throughout the district as quickly as possible,” Goeler said, and expected email to be available at the end of the week.

The district will continue to update families and staff through phone calls and the school website until the situation is resolved.

Kaplan said the district has tried to teach staff to recognize phishing emails and since the attack they’ve asked administrators to review protocol for when suspicious emails are received by staff.

“It’s impossible to block against all these things, so educating users is the most important part and that’s why we continue messaging to our staff as these things evolve,” Kaplan said.

Late last year Hamden town hall suffered a malware attack that compromised employee computers. Employees got an email containing a computer virus that some people opened, clicking on a link meant to infect their computers.

Kaplan said they don’t know yet whether the two attacks are connected, but the district is investigating it.

In January, the town administration asked Legislative Council for a bid waiver to continue using the information technology company it had been when town hall suffered the attack.

The council tabled the item until a future meeting.

©2020 the New Haven Register (New Haven, Conn.). Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

E.REPUBLIC Platforms & Programs