On November 26, DataBreaches.net reported that two more k-12 districts appeared to have been attacked by ransomware threat actors.
One was Spring ISD in Houston, Texas, but DataBreaches.net did not name the other district at the time as they had not confirmed the breach. DataBreaches.net has now received a statement from the Gardiner Public Schools in Montana:
Gardiner Public Schools (“Gardiner”) recently discovered a potential data security event. Gardiner is working with outside counsel and third-party forensic experts to ensure that its systems are secure, and to determine the scope of events. This investigation is ongoing and Gardiner continues to work tirelessly to ensure the ongoing security of its systems. We are working to determine what data, if any, was taken by the threat actors. Gardiner will provide updates when we have significant news to report. Gardiner appreciates the patience and understanding of our community while we investigate this matter.
So as if it isn’t hard enough for public schools to educate children while trying to keep staff and students safe from COVID-19, they have to deal with attacks on their systems and ransom demands. In this case, it is the DoppelPaymer threat actors. As proof, they uploaded three old files, one of which appeared to be an accommodation plan for a student that needed some accommodations.
DataBreaches.net will continue to cover this incident, as it does all such incidents, and notes that it is not yet clear how much personal information of staff and/or students the attackers may have accessed or exfiltrated.