DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Frederick Public Schools in Oklahoma back up and running after ransomware attack (updated)

Posted on June 28, 2021 by Dissent

DataBreaches.net has become aware of yet another school district that fell victim to a ransomware attack.

The Frederick Public Schools in Oklahoma was breached a few months ago, but they had not yet disclosed the incident publicly as they have been working to recover from backups and to notify everyone who may have been impacted.

DataBreaches.net discovered the breach while exploring a new leak site on the dark web.

Today, DataBreaches.net spoke with Superintendent Shannon Vanderburg about the incident, and their response to the attack. The district did not and will not pay any ransom, he informed this site, even though their files were encrypted. At this point, he informs this site, they are back up and running, although in some cases they had to find and use older backups to restore from.

What is still in progress, however, is notifying everyone who may be impacted by the incident.

DataBreaches.net was able to inform the district where  files had been dumped on the dark web for the taking, but is not linking to the dump or files.  Although many of the dumped files concern routine district functions, many files contained personnel payroll-related information from 2018-2020 as well as vendor payment information. At least one file contained Social Security Numbers of district employees.  In one case, a district employee seems to have uploaded her family’s federal tax return for one year, thereby exposing all her personal information as well as her spouse’s and children’s SSN.

None of the files that this site has reviewed so far contained master employee records system, but employees should probably take immediate steps to protect themselves from identity theft or the misuse of their information for fraudulent purposes.

Former and current employees may want to place a security freeze on their credit reports to prevent fraudsters from trying to open new accounts that might require a credit report check. The freeze can be easily removed if it is not needed.

There were also some files in the dump that contained some student names or information, and in one case, a disciplinary incident being investigated by police that named specific middle school students and provided parental phone numbers.

DataBreaches.net did not see any master student record system in the files that have been reviewed so far.

It is not clear to DataBreaches.net from the listing found on a relatively new leak site whether the threat actors have dumped everything they acquired and exfiltrated or if this is just a partial dump. DataBreaches.net has emailed the threat actors to see if they will share more information.  Elsewhere, Michael Gillespie of ID Ransomware tweeted some information about the type of ransomware that may have been involved:

Vice Society (“.v-society”) == HelloKitty (“.crypt”) Linux #Ransomware using OpenSSL (AES256 + secp256k1 + ECDSA).
(Sorry can’t share samples due to victim confidentiality) pic.twitter.com/zJTu803m2C

— Michael Gillespie (@demonslay335) June 10, 2021

“Vice Society (“.v-society”) == HelloKitty (“.crypt”) Linux #Ransomware using OpenSSL (AES256 + secp256k1 + ECDSA).(Sorry can’t share samples due to victim confidentiality)

Whether that also applied to Frederick Public Schools remains to be confirmed by the district, but they did acknowledge that their files had been encrypted.

Update of June 29: DataBreaches.net received a response from Vice Society, who informs this site that yes, they were responsible for the attack and are not just a site that lists incidents for others. They also confirmed what Superintendent Vanderburg had told this site that they had encrypted files. Importantly, perhaps, they replied that they had published all the data they had for the district:

We always publish all data if company does not pay or ignore us.

So maybe the district got off with a bit of luck that more wasn’t exfiltrated, but of course, that claim has not yet been confirmed by the district.

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • Four ransomware attacks on non-U.S. medical entities: Did anyone get notified?
  • k-12 school districts fall prey to Pysa ransomware
  • “Without Undue Delay,” Part 2
Category: Education SectorMalware

Post navigation

← Il: Details of over 200,000 students leaked in cyberattack
UK: Barrow computer hacker tapped into school network and brought down Labour website →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.