DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Frederick Public Schools in Oklahoma back up and running after ransomware attack (updated)

Posted on June 28, 2021 by Dissent

DataBreaches.net has become aware of yet another school district that fell victim to a ransomware attack.

The Frederick Public Schools in Oklahoma was breached a few months ago, but they had not yet disclosed the incident publicly as they have been working to recover from backups and to notify everyone who may have been impacted.

DataBreaches.net discovered the breach while exploring a new leak site on the dark web.

Today, DataBreaches.net spoke with Superintendent Shannon Vanderburg about the incident, and their response to the attack. The district did not and will not pay any ransom, he informed this site, even though their files were encrypted. At this point, he informs this site, they are back up and running, although in some cases they had to find and use older backups to restore from.

What is still in progress, however, is notifying everyone who may be impacted by the incident.

DataBreaches.net was able to inform the district where  files had been dumped on the dark web for the taking, but is not linking to the dump or files.  Although many of the dumped files concern routine district functions, many files contained personnel payroll-related information from 2018-2020 as well as vendor payment information. At least one file contained Social Security Numbers of district employees.  In one case, a district employee seems to have uploaded her family’s federal tax return for one year, thereby exposing all her personal information as well as her spouse’s and children’s SSN.

None of the files that this site has reviewed so far contained master employee records system, but employees should probably take immediate steps to protect themselves from identity theft or the misuse of their information for fraudulent purposes.

Former and current employees may want to place a security freeze on their credit reports to prevent fraudsters from trying to open new accounts that might require a credit report check. The freeze can be easily removed if it is not needed.

There were also some files in the dump that contained some student names or information, and in one case, a disciplinary incident being investigated by police that named specific middle school students and provided parental phone numbers.

DataBreaches.net did not see any master student record system in the files that have been reviewed so far.

It is not clear to DataBreaches.net from the listing found on a relatively new leak site whether the threat actors have dumped everything they acquired and exfiltrated or if this is just a partial dump. DataBreaches.net has emailed the threat actors to see if they will share more information.  Elsewhere, Michael Gillespie of ID Ransomware tweeted some information about the type of ransomware that may have been involved:

Vice Society (“.v-society”) == HelloKitty (“.crypt”) Linux #Ransomware using OpenSSL (AES256 + secp256k1 + ECDSA).
(Sorry can’t share samples due to victim confidentiality) pic.twitter.com/zJTu803m2C

— Michael Gillespie (@demonslay335) June 10, 2021

“Vice Society (“.v-society”) == HelloKitty (“.crypt”) Linux #Ransomware using OpenSSL (AES256 + secp256k1 + ECDSA).(Sorry can’t share samples due to victim confidentiality)

Whether that also applied to Frederick Public Schools remains to be confirmed by the district, but they did acknowledge that their files had been encrypted.

Update of June 29: DataBreaches.net received a response from Vice Society, who informs this site that yes, they were responsible for the attack and are not just a site that lists incidents for others. They also confirmed what Superintendent Vanderburg had told this site that they had encrypted files. Importantly, perhaps, they replied that they had published all the data they had for the district:

We always publish all data if company does not pay or ignore us.

So maybe the district got off with a bit of luck that more wasn’t exfiltrated, but of course, that claim has not yet been confirmed by the district.

Category: Education SectorMalware

Post navigation

← Il: Details of over 200,000 students leaked in cyberattack
UK: Barrow computer hacker tapped into school network and brought down Labour website →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.