Multiple Attacks on Schools - Student and Parent Data Exposed!
Table of Contents
- By Dawna M. Roberts
- Published: Oct 20, 2020
- Last Updated: Mar 18, 2022
Schools across the country are under attack from identity thieves exposing student records and parents’ information. Children’s social security numbers are like the golden key to the city, and hackers are targeting school databases to fill their pockets.
TPS - Toledo Public Schools Ransomware Attack
Last week the Toledo Public Schools (TPS) reported that they had fallen victim to a major ransomware attack that exposed both staff and students’ personal details, including social security numbers. The school said that the attack occurred in September, just as schools were reopening.
Cybersecurity experts have identified the source as Maze ransomware. Using Maze, criminals stole more than nine gigabytes of data, including addresses, names, and social security numbers for staff and current students and previous students who attended the school. In a statement TPS released to the press, they said, ”The District immediately reached out to the Federal Bureau of Investigation and immediately contracted with cybersecurity experts to determine the scope of the attack. Today we were informed by the media that internal data may have been compromised. Upon learning of this information, TPS immediately notified our legal team and cybersecurity experts to investigate the full scope of this incident, including whether any TPS data was impacted.”
Dick Eppstein of Northwest Ohio and Southeast Michigan Better Business Bureau said he had never seen a cyberattack of this magnitude before. He and Jeff Boersma, President and CEO of Modern Data, a Toledo cybersecurity company, both agreed that the responsibility for the leaked data is that of TPS and its insecure systems.
DDoS Attack on Massachusetts School
The pandemic has changed the face of education, and many students are still quarantined and learning from home. Last week the Sandwich Public Schools suffered an entire week of connection issues. Initially, IT experts determined the issue was a firewall problem and replaced it, but it continued. After switching firewall vendors, they discovered that they were dealing with a DDoS attack instead of a firewall problem.
Pamela Gould, Superintendent of schools for Sandwich, put this in an email to parents “This is not a capacity issue for the district. This is something that is happening to us.” She also confirmed that they immediately contacted police and the FBI’s Cyber Crime Unit with the news.
Dr. Michael Flanagan, Superintendent of the Tyngsboro district, told reporters that their IT department determined that the DDoS attack was caused by a device carried into the Norris Road campus each day. He was quoted as saying, “We are frustrated and disappointed that this outage has disrupted what has been a very successful and positive start to our school year here in Tyngsboro. We have all pulled together and worked so hard to create a positive learning environment in spite of the challenges and disruptions of the COVID pandemic.”
It is unclear if the owner of the device is aware that it has been compromised. An independent cybersecurity firm is working with police and the school’s IT department to perform a full investigation to find out more. Flanagan concluded with, “While we are confident that we will soon rectify this situation, I am upset for the difficulty and disruption this has caused our students, families, and staff.”
What Do Hackers Want with Kids’ Information?
Unfortunately, cyber thieves can destroy a child’s credit before they even have a chance to use it. Using a child’s social security number, name, and date of birth (easily found in public records), a hacker can open credit card accounts, rent property, take out loans, and even apply to get forms of identification. There have even been reports of criminals assuming the identity of a child and getting arrested. The child finally applies for a job or tries to take out a loan, and suddenly find on their background check a misdemeanor or felony that they didn’t commit. Hackers can have a field day with a child’s identity; it’s an open book that they can continue to exploit for many years before the fraud is discovered.
The damage that identity thieves can do is staggering. It’s imperative to protect your child’s identity while they are young, using credit monitoring and credit freezes. Keep an eye on all the places where their information is stored and accessed. As a parent, you have every right to ask questions about the security of systems where your child’s data will be kept. In some districts, you have the right to refuse to allow your child’s information to be stored on a computer or online.
Authorities recommend that parents of the students also keep a close eye on their financial records, bank statements, credit cards, and use two-factor authentication whenever possible. They also mentioned parents should change their banking and credit card passwords immediately as an added precaution.