On Oct. 5, Nevada’s Clark County School District (CCSD) discovered a cyber incident “impacting its email environment.” The district found hackers had accessed personal information about some employees, parents and students. Last week, some parents also began receiving alarming emails, containing private information about their children, 3 News reported.
Brandi Hecht, who is one of those parents, told the outlet she received an email "warning me that my children's information was released or hacked into and it had three PDF files. Each one had my children's picture, all of their contact information, email addresses, student ID numbers, my information, our address."
By the end of the month, hackers had leaked information on 200,000 students and claimed to still have access to the school district’s network, DataBreaches.net reported. The attackers — going by the name SingularityMD – also told DataBreaches that they had stolen a total of 68.8 GB of data, of which they’d leaked about 4 GB.
The group said in a posted statement that they would destroy the stolen data in exchange for extortion equal to “less than one third of the [Superintendent] Jesus F. Jara’s annual salary;” and that salary is about $395,000 per year, per DataBreaches.
Details about the incident are still emerging.
CCSD said that after discovering a cybersecurity incident, it responded by restricting Google Workspace access to only users on the internal school district network. It also forced a student password change. On Oct. 25, the school district said it anticipated fully restoring Google Workspace access soon.
The Google Workspace disruption made it difficult for some students to access assignments, per the local paper, the Las Vegas Review Journal, and the leak raises fears of identity theft.
The school district has said it was working to identify everyone affected by the incident, a process that could take several weeks. It planned to notify impacted individuals via mail.
SingularityMD told DataBreaches that the hacking group had gained access to the district’s system by first compromising a student account, writing, “[We] then accessed information available to any student to escalate from there to teacher to systems-level access for one or two systems.”
Since the incident, the district has also sought to improve some defenses. In an email to employees, the district said it would implement multifactor authentication (MFA) on all “shared and generic accounts,” per the Las Vegas Review Journal. MFA was already required on staff user accounts, but will not be required for student accounts.
Employees also will lose the ability to automatically forward emails to another address, the outlet reports. Additionally, elementary and middle school students will be blocked from sharing documents with users outside the district, and the students will be unable to create shared drives or Google Groups.
This isn’t the first cyber incident for CCSD, which was hit just three years ago. In 2020, cyber extortionists reportedly published sensitive student and staff information, including Social Security numbers, after the district refused to pay a ransom.
School cybersecurity has been getting increased attention from the White House, and the Cybersecurity and Infrastructure Security Agency will be discussing it as part of tomorrow’s National Summit on K-12 School Safety and Security.
