“Duneland School Corporation” sounds like it should be an education-related business but it’s actually a school district in Indiana. On October 27, they discovered that they had experienced a security incident that sounds like a ransomware attack.
In a statement on their website, they note:
Through our investigation, we determined that an unauthorized person obtained access to the Duneland systems between October 21, 2021 and October 27, 2021. After further investigation, we discovered that certain files may have been acquired by the unauthorized person. We thoroughly reviewed those files and determined that they contained information relating to our self-insured health plan and general employment records, including individual names, dates of birth, Social Security numbers, driver’s license numbers if they were provided to us, and benefits information.
The district is urging those being notified to be vigilant and check health insurance statements and has offered those affected mitigation services and help through Kroll.
At this point, it has not been revealed who the threat actors are or how many people are being notified.