
Data theft plaguing K-12 schools after holiday season attacks

Schools across the U.S. remain fertile targets for hackers, with a slate of K-12 entities contending with cyberattacks and data thefts following the holiday season.

Since the start of the year, a handful of schools have reported data breaches, including Butte School District in Montana, Edmonds School District in Washington, and Fullerton Joint Union High School District and Glendale Unified School District in California.

Other school districts, like Ohio’s Groveport Madison Schools, are in the process of recovering from ransomware incidents.

Officials at the school district told Recorded Future News that it took them about a month to restore their systems following a ransomware attack discovered on December 5.

“The hackers identified themselves as BlackSuit immediately when the hack began,” a spokesperson said, referring to a group the FBI and CISA believe is a rebrand of the Royal ransomware gang. “We have worked with local and federal authorities on this issue. They stole some staff data, but that was it. We did not have to close school during this attack.”

“We had a few days without internet usage and had ‘old school’ teaching. We were able to fully recover within a month.”

The school district serves about 6,000 students in Franklin County, Ohio. Superintendent Jamie Grube said they were warned of the attack by the Cybersecurity and Infrastructure Security Agency (CISA).

CISA told them to shut down all internet access, but the ransomware gang was able to cause damage to several Windows devices, security cameras and printers.

“Even though internet is down, all phones are still working and the school day is continuing as normal. We want to assure you that, based on our preliminary assessment, no student or staff data has been compromised during this breach,” Grube said at the time of the incident.

Not a drill

As schools become increasingly connected to cloud-based platforms, cybersecurity researchers continue to find vulnerabilities in the popular software they use for a variety of tasks.

Earlier this month, vpnMentor cybersecurity researcher Jeremiah Fowler discovered millions of records left exposed by school security company Raptor Technologies.

Fowler said he was able to see school incident response plans, school layouts as well as documents on malfunctioning cameras or physical security gaps. The exposed database also had troves of information on background check systems, at-risk students, emergency drills and more.

Lawyers are now seeking out people who may have had their information exposed, and the Washington, D.C. public school system began notifying parents that Raptor Technologies had informed it that student information was exposed in the incident.

“We were recently made aware that Raptor Technologies, the proprietors of our new visitor management software, was alerted to vulnerabilities within their platform by a cybersecurity researcher who was unauthorized to access their data systems. As soon as we learned of this potential data breach, we immediately contacted Raptor representatives and suspended the use of their software in our buildings,” Amy Maisterra, deputy chancellor of DC Public Schools, told parents in an email.

“As Raptor continues its investigation, I want to assure our families that while some districts use Raptor to also store and manage school Emergency Response Plans (ERPs), DCPS is not utilizing this feature. No ERPs for any of our schools were stored within the Raptor platform and therefore they were not accessible.”

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.