Haywood County Schools began the process of notifying employees their data may have been breached by a cybercriminal ring that hacked the school's servers in August.
(TNS) — Hundreds of current and former Haywood County Schools employees got letters this month informing them their private information could have been compromised in a cyberattack against the school system.
A cybercriminal ring hacked the school's servers in August and attempted to blackmail the school system into paying a ransom in exchange for unlocking the network — including a threat that the hackers would post the data they obtained on the dark web if the school system didn't pay up.
Anyone who potentially had their information compromised is being offered free financial and identity protective services and monitoring.
"If there was any potential the hackers got anything on that person, we sent them a letter," Superintendent Dr. Bill Nolte said. "We thought it was better to notify unnecessarily than to not notify."
The specialized firm hired to provide the monitoring service is being paid by the school system's cyberinsurance firm, which also paid to rebuild the school system's servers. The only cost to the school system was its $10,000 deductible.
The school board decided not to pay the cyberransom on the advice of investigators, as doing so only emboldens hackers to go after others. Even if the school system had paid up, the security monitoring service would have still been necessary.
The exact number of letters that went out has not been made public, but the list includes those who worked for the school system dating back to the early 2000s. Letters also went out to some families of students and substitutes who may have had their information compromised.
Exactly what that information consisted of varies — with some of it being reasonably benign.
For example, a list of substitutes' phone numbers and a list of personal cell phones of principals and department heads were among the data drop the cybercriminals posted on the dark web. The disciplinary records of some students were also caught up in the hack.
Whether that information could ever be used for sinister purposes is questionable, however.
"Receiving a letter does not mean that you are or will be a victim of identity theft. Out of an abundance of caution, however, we are offering identity services to you," according to a list of FAQs put out by the security firm.
One thing that wasn't stolen in the cyberattack is payroll or direct deposit information of employees, as that's handled through a third party and not stored on the school system's servers.
"We are not aware of any bank account information that may have been compromised," Nolte said.
Nolte said he was among those who had a letter show up in his mailbox.
The letter provides instructions on how to sign up for the protective service, including the number for the call center of the firm hired to provide the service.
©2021 The Mountaineer, Distributed by Tribune Content Agency, LLC.