LAS VEGAS (KTNV) — Clark County School District says it is "unable to verify" newly-reported claims about a "data security incident" first reported last month, but the district says it is investigating and cooperating with law enforcement.
On Monday the Wall Street Journal reported that a hacker stole and then published documents containing private information about students because officials did not give in to a ransom demand.
PREVIOUS:
The district has previously said it was a victim of a ransomware attack where a virus blocked access to certain files and that it was unable to determine if sensitive information was accessed.
Cybersecurity threat analyst Brett Callow says the district was being blackmailed by hackers.
“If the targeted organization doesn’t pay or doesn’t pay quickly enough, whatever data got stolen gets posted online,” he said.
Callow followed this threat and says hackers sent a warning earlier this month. The information was dumped online late last week when the ransom demand for an unknown amount wasn’t met. He says ransom demands like these have happened to other school districts across the country.
“The average is somewhere between probably $150,000 to $250,000,’ he said.
He says all of the sensitive information was easily accessible without a password.
“If you know the URL of the website, it’s accessible to virtually anybody,” Callow said.
The Wall Street Journal says "Social Security numbers, student grades and other private information" are among the sensitive information reportedly published on the hacker's website. The story includes a redacted image of a CCSD personnel form.
In response to inquiries about the new report the school district told 13 Action News:
National media outlets are reporting information regarding the data security incident CCSD first announced on Aug. 27, 2020. CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement. The District is unable to verify many of the claims in the media reports. As the investigation continues, CCSD will be individually notifying affected individuals.
The district says it "values openness and transparency and will keep parents, employees and the public informed as new, verified information becomes available."
Parents, guardians, and faculty with questions are advised to call 1-888-490-0594 or visit ccsd.net for more information.
Rebecca Garcia, president of the Nevada PTA was disturbed by the hack saying it targeted the most vulnerable.
“If criminals are attacking a school district, they may see it as an easy target, but in the end, who they are hurting are children,” she said.
John Vellardita executive director of the Clark County Education Association says he’s glad no ransom was paid but believes there may be more hacking incidents.
“The entire economy is more or less online, let alone our education delivery system, so it’s like a new market for these hackers,” he said.
