Adrian Martinez-De la Cruz reports that Crown Point Community School Corp. Superintendent Todd Terrill provided an update on the ransomware attack last November that cost the district about $1 million to resolve.
The superintendent said the breach occurred after an employee fell for a phishing attack. The district decided to pay the attackers, and “a payment was finalized just before students went on winter break with it being made with the assistance of a third-party broker, according to the superintendent.”
Why they felt the need to pay was not made clear in the reporting — did they not have any backups or was their motive solely to protect student and employee personal information, or….?
“Terrill said that since the ransom was paid, student and staff information was turned over to the school district instead of being sold online. However, they still had to investigate whether any personal information was accessed in the breach.”
DataBreaches fervently hopes the district and community members don’t really believe that all data was turned over and only to them. But yes, they need to investigate and notify everyone that they do know about and can find out about from further investigation.
Read more at nwitimes.com.
h/t, Doug Levin and Brett Callow