Scott Travis reports:
Hackers who demanded up to $40 million from the Broward School District have now published nearly 26,000 files stolen from district servers.
An initial review by the South Florida Sun Sentinel found a few isolated incidents where confidential student or employee information was released, but none that contained Social Security numbers.
The 25,971 files, which are dated from 2012 to March 2021, contain mostly district accounting and other financial records, including invoices, purchase orders, travel and mileage reimbursement forms and forms used to dispose of surplus inventory at schools.
Read more on South Florida Sun Sentinel.
Travis notes what this site noted in our preliminary analysis of the data dump: what was missing was much more significant than what was dumped.
So do Conti threat actors have student databases and employee personnel databases or not? Are they holding them back now to sell or misuse, or didn’t they ever have them? It would be nice to believe that they never had those data, but better to assume the worst and take steps to protect oneself.
DataBreaches.net notes that this is not the first time Conti has not dumped the kind of databases one would have expected to see from a serious hack with exfiltration. As one other example: Conti dumped numerous files from Leon Medical Centers in Florida. But they did not dump — and probably didn’t hit — the EMR system. And they didn’t dump the payroll system, although they did dump some payroll-related files. To this day, Conti does not claim to have dumped 100% of Leon. Are they holding out the most sensitive files to still try to extort Leon? Or are they selling them somewhere?
And did they get it all with Broward or didn’t they? Is their 100% dumped claim the truth? We don’t know.
This post was corrected post-publication to reflect that the Leon Medical Center dump was not a 100% dump.