On October 22, DataBreaches reported that Kenosha Unified School District in Wisconsin had been added to Snatch Team’s leak site and then removed without explanation.
The district had previously disclosed an incident in September. Snatch offered no proof pack and the quick removal of the listing left DataBreaches wondering if the district had decided to negotiate payment or if something else could explain the appearance and then disappearance.
Now things have taken another twist. Data from KUSD has shown up on another ransomware group’s leak site today. And unlike other listings by this group that contain claims and threats, this one simply provides a link to the data leak. The data leak consists of a number of .csv files. Ones that were skimmed by DataBreaches appeared to contain employee data. Not all files have been examined as yet.
DataBreaches could find no notice on KUSD.edu’s site to explain this latest development, and has reached out to the district via email to inquire.
This is a developing situation. This post will be updated as more information becomes available.
Update1: In response to my email inquiry, Tanya Ruder, KUSD’s Chief Communication Officer, replied:
In September, we experienced a cybersecurity incident involving ransomware. Upon learning of the issue, we quickly contained the threat. Our investigation is ongoing, however, it was determined that employee’s personal information may have been accessed and/or acquired in connection with this incident. As such, impacted individuals have been sent a letter with details regarding credit monitoring.
That’s helpful but doesn’t yet clarify why two groups had listed/claimed KUSD on their sites (although only one of the two leaked data). DataBreaches sent a follow-up inquiry to KUSD and has also reached out to Snatch Team to see if they will shed any light on the situation. DataBreaches does not have contact information for the group that has leaked the data.