DataBreaches.Net

Hackers give Jeffco Public Schools an extension on their deadline to respond; email parents about the breach (1)

Posted on November 7, 2023 by Dissent

On November 2, DataBreaches reported that the same threat actors that had hacked and exfiltrated data from Clark County School District in Las Vegas had also hit Jeffco Public Schools in Colorado. In communications shared with DataBreaches, “SingularityMD,” as the hackers call themselves, gave the district until today at 5 pm to pay them $15,000 in Monero cryptocurrency.

Unbeknownst to DataBreaches until now, the hackers had also sent an email to Jill Ibeck, the district’s Chief Information Officer (CIO), and other staff members in response to a district email. In their email to the CIO, the hackers commented:

A global password reset for teachers is relevant and a step in the correct direction, however, if student accounts are still compromised due to the use of birthdates as passwords, and all the infinite campus for students is already leaked then, we, the hackers have access to most student accounts still, and can simply access the teacher network again as soon as a teacher makes a security blunder.

They also noted the district’s lack of response to them, adding:

Without some indication of cooperation, we have to assume that you are not planning on complying with our requests. In this case we may as well make more trouble for you to show the next school district that it makes more sense to work with us as opposed to against us.

It appears that the email did not produce the results they desired, and today, they sent another email to the CIO with an even bigger distribution list. Noting the district’s continued lack of response, they wrote:

Looking at your lack of cooperation, we anticipate that you are unlikely to cooperate with us.

We would like to make it clear that we do not want to upload all of your stolen information. We also would like to show other school districts and organizations that SingularityMD does keep its word with regards to destruction on payment.

Therefore we are willing to reduce the fee for disposal of the stolen information down to $2,000 USD in Monero (XMR).

They also indicated a willingness to extend the deadline to enable the district to consider the offer and to finish the password resets across the organization that still had not been completed.

The email also reminded the district what would happen if the hackers didn’t hear from the district by the 5 pm deadline.

Five minutes before the 5 pm deadline, the hackers emailed thousands of parents and sent them the correspondence between the hackers and the district. They then sent Jeffco another email saying:

We have notified 3k parents and some news outlets, providing full correspondence. As such, we will grant 24 hours extension to let parents weigh in on the matter.

As yet, we have not leaked any private information.

Will the district decide to pay $2000.00 to get the hackers not to leak data and to destroy what they have downloaded from the district or will they stand on principle and not pay? Will parents pressure the district to pay to protect their children’s personal information?  Will teachers pressure them to pay to protect their information?

And even if they pay, what will prevent another breach if they don’t take significant steps to address security vulnerabilities?

DataBreaches will continue to monitor this incident.

Update 1: Based on questions DataBreaches received from readers, DataBreaches asked SingularityMD some additional questions.

First, in response to a question as to what they would do if a parent paid the $2,000.00 — whether they would still destroy all the data they had exfiltrated and not leak it, SingularityMD answered that yes, they would not leak the data and would destroy it.

Second, in response to whether they would still provide the district with a written report if they were paid $2,000.00 by a parent, they said that there would be no written report for that amount, but they would explain the issues.

Third, in response to DataBreaches mentioning that they have made an impact as this site is hearing that not only has Infinite Campus sent out a memo, but Google seems to have taken notice, too, they replied, in part,

We have seen Google start to put CAPTCHAs on Google Groups in what we perceive to be an attempt to prevent the extraction of a group as we have previously for CCSD and Jeffco.

They also wrote they

suspect IC know about it as they are recommending 2FA now for all accounts, as you pointed out. We have accessed yet another school district IC as a teacher this week and now it sends a login notice (You have logged in from a new device) to the associated email address. It did catch us out and one teacher changed their password as a result, but for the district in question, we already had access to another teacher’s email and in their case we could delete the notice before it was seen.

————
Update: See the latest developments in the new post, Time’s up: SingularityMD sets up to sell data from Jeffco Public Schools.

Category: Education Sector, Hack, U.S.

9 thoughts on “Hackers give Jeffco Public Schools an extension on their deadline to respond; email parents about the breach (1)”

  1. student says:
    November 8, 2023 at 11:05 am

    Jeffco is being lazy at informing us. As a student, I had to go out of my way to research any available information that might tell us what’s happening. Thank you so much for these insightful articles.

    1. Dissent says:
      November 8, 2023 at 11:21 am

      You’re welcome. I don’t think the district is being lazy. This is intentional non-disclosure.

  2. anonymous says:
    November 8, 2023 at 8:36 pm

    i am a jeffco student (using a burner email to protect my identity): i asked my teachers what was going on but they told me to shut up and get back to working so i had to go out of my way. i told them not to put in the new e hall pass thing and they did AND A DAY LATER, JEFFCO GETS HACKED. i am not one to get into conspiracies but it could be more than a coincidence. also, I WARNED THEM NOT TO USE BIRTHDAYS AS PASSWORDS I FUCKING WARNED THEM SO THEY CHANGED IT TO SOMETHING WHERE THE MOST UNIQUE ELEMENT IS IN MY GODDAMN EMAIL!! WTF JEFFCO! also unrelated but i looked up Anihi Blep, the guy who sent the email and basically, jeffco got hacked by a FUCKING FURRY

  3. Anonymous2 says:
    November 9, 2023 at 10:12 am

    I am also a jeffco student, this is not confirmed but some evidence points me to think that Singularity was able to get the DNS keys and take it over like they did with Clark county. (Burner email to protect privacy)

    1. Dissent says:
      November 9, 2023 at 10:37 am

      That’s not how they claim to have gained access.

      1. Anonymous2 says:
        November 9, 2023 at 11:20 am

        I’m not claiming that it was how they claimed to gain access. They gained access due to students having too much PII on socials. I’m saying I’m suspicious that the DNS keys were hijacked

  4. anonymous 3 says:
    November 10, 2023 at 4:14 pm

    It seems like either jeffco or singularity changed all the temp passwords. tons of students lost access. this is either a really good or really really bad thing. radio silence from both sides so who knows

    1. Dissent says:
      November 10, 2023 at 6:37 pm

      When did this happen?

      1. Dissent says:
        November 10, 2023 at 8:58 pm

        Okay, according to SingularityMD, this is not a new development but is what happened when Jeffco attempted to try to block them from logging in after the district realized they could access any student account.

        Please note there is a new post up tonight that you may want to see at https://www.databreaches.net/times-up-singularitymd-sets-up-to-sell-data-from-jeffco-public-schools/
