There’s an update to a report in February about an outage that wasn’t described at the time as a hack or ransomware attack. Laura Acevedo reports:
The Sweetwater Union High School District has confirmed a hack was the cause of a days-long system outage at their facilities, saying the personal information of employees, students, and families was accessed and taken.
The update comes four months after the incident. On Friday afternoon, the Sweetwater Union High School District sent out a release about a security incident that left students and staff without email and internet access for days in February.
Read more at abc10News.
The district’s press release gives no indication of how many students, staff, and parents are being notified.
There appears to be much to criticize in the district’s handling of this incident in addition to any security failures that may or may not have contributed to the breach itself. For one thing, the district doesn’t explain why it took from February 12 to mid-May to determine that personal information was included in files that had been exfiltrated. Then, too, having determined that in mid-May, why did it take until now for them to send out letters to individuals?
And then there is the matter that when a reporter asked them directly about any ransom demand or payment, they did not answer the questions at all and merely pointed to their June 23 press release, which was totally silent on those questions.
Was this a ransomware incident or a hack with an extortion attempt, or a hack with no extortion demand? Why won’t the district answer straightforward questions about what they did or did not do to protect people whose personal information had been stolen?