Dive Brief:
-
A June 17 cyberattack against the Alabama State Department of Education may have compromised student and employee data, including some personally identifiable information.
-
The state education department thwarted hackers from accessing all targeted servers in an attempt to lock down its computer system, according to a July 3 announcement. The cybercriminals were still able to access some data and disrupt services before the department’s information system staff could stop the cyberattack.
-
All services are now restored and extra cybersecurity protocols are in place at the department, and a criminal investigation into the cyberattack is underway. The agency added that it is not negotiating with foreign actors or extortioners, as the FBI warns against paying hackers.
Dive Insight:
All of the Alabama State Department of Education’s data has been restored using clean backups following last month’s cyberattack.
The department still doesn’t know what specific information was compromised, and it is working with the FBI and other experts to monitor the aftermath of the incident.
“Like other public schools, agencies, hospitals, and businesses that have been hit by criminal syndicates, it is disappointing and disheartening to learn that hackers were able to break through our security system to access data,” the department said in its July 3 statement.
The incident comes a year after the Minnesota Department of Education fell victim to a global cyberattack against MOVEit software, which is often used by government agencies and companies to transfer sensitive data files. The breached data included the names of 95,000 students in the state’s foster care system, including their birth dates and the counties of their foster care placements.
While it’s fairly uncommon for state education agencies to publicly disclose cyberattacks, schools and districts are more likely to report falling victim to ransomware attacks. Ransomware is a particularly common type of cyberattack that uses malicious software to prevent someone from accessing their computer files, systems or networks until a ransom is paid.
Such incidents are costly for schools and often lead to a breach of sensitive student and staff data. For instance, ransomware attacks against K-12 and higher education institutions across the world that occurred between 2018 and September 2023 are estimated to cost over $53 billion in downtime.
More recently, the Los Angeles Unified School District said it was investigating claims that its millions of district records are for sale on the dark web. It has not been confirmed whether the alleged LAUSD data up for sale for $1,000 is related to a major ransomware attack against the district that occurred in September 2022.
As ransomware attacks remain a real threat to the education sector, the federal government has been developing cybersecurity resources and supports for school districts and state education departments.
Earlier this year, the U.S. Department of Education and the Cybersecurity and Infrastructure Security Agency formed a Government Coordinating Council for the Education Facilities Subsector. The council aims to expand collaboration among federal, state, tribal and local governments to bolster schools’ cyberdefense.
The Federal Communications Commission also approved a $200 million, three-year K-12 cybersecurity pilot program in June, and eligible schools and libraries can use those funds to help secure their networks. A CISA official also recently shared with K-12 Dive the latest cybersecurity resources schools can tap into through the agency, including a free service to scan and test local governments’ vulnerabilities within their external networks or public web applications.
