Suburban DC school district responds to cyberattack

Prince George's County Public Schools — one of the largest school districts in the United States — announced on Monday that it discovered a cyberattack on its network.

The district is the second-largest in Maryland and serves more than 130,000 students in the Washington, D.C., suburbs. Officials did not respond to requests for comment.

District leaders initially said they were working to address a “broad network outage” that knocked out email and other services. On Monday night, the district released a statement saying 4,500 of the system’s 180,000 accounts were “impacted.”

The statement does not explain whether “impacted” means the accounts were simply accessed or if they had sensitive data stolen from them. The affected accounts primarily belonged to staff members, the statement said.

“The school system is still assessing the full scope of this incident, but as of this time, the main business and student information systems — Oracle and SchoolMAX — do not appear to be impacted,” officials said.

“Critical network systems have been restored and additional functions will continue to be brought back online tonight; however, out of an abundance of caution, all PGCPS users will be required to reset their passwords on Tuesday, Aug. 15.”

Impacted users will be contacted with more information about their accounts once a cybersecurity firm finishes its investigation of the incident, PGCPS said.

The district posted a similar message on its website, adding that any staff members who registered accounts with the county’s self-service password tool would need to reset their passwords. Some teachers wrote on Facebook that the page to change their password was not working.

The attack comes as the district prepares for the first day of school on August 28. The comment section of the district’s Twitter statement was full of questions about whether class schedules for teachers would still be released.

The district did not respond to requests for comment about that or whether the incident was a ransomware attack.

The attack on PGPCS would be the latest in a string of incidents affecting the biggest school districts in the U.S. in 2023. Throughout the last school year, dozens of schools in Minnesota, Iowa, West Virginia, California, Pennsylvania, New Hampshire, Arizona, Massachusetts and more dealt with outages as well as the theft of sensitive student and employee data.

Down the road in Washington

The problem has become so concerning to the U.S. government that first lady Jill Biden reorganized her schedule in order to attend a White House-led “Cybersecurity Summit for K-12 Schools” last week.

Senior Biden administration officials announced a slate of measures at the event — including increased cybersecurity funding and private sector collaboration — designed to address the spate of cyberattacks.

Officials noted that a review had shown that the White House had limited regulatory authority over the education sector, prompting it to take other steps to address the issue.

“It's crystal clear: we must take cyberattacks on our schools just as seriously as we take physical attacks on critical infrastructure,” Deputy Education Secretary Cindy Marten told reporters.

“That's why, as we head back to school, it's critical we bring everyone together so we can help ensure that our schools are well equipped with the necessary guidance and also support so that we can raise awareness of this issue.”