Mary B. Pasciak reports:
When ransomware hit the Buffalo Public Schools in March, the district told students and families that investigators had not determined that any personal information had been exposed.
Two months later, investigators have found that such information was exposed.
Personal information about an unknown number of students, parents and employees has been exposed, along with bank account information for an unknown number of vendors, the district revealed in letters recently.
Read more on The Buffalo News. DataBreaches.net has not seen the school district listed on any dedicated leak site — at least not yet.
Updated June 14, 2021: A report by the district’s external counsel to the Maine Attorney General’s Office indicates that 14,039 people were impacted by the breach.
Update August 19, 2021: Pysa threat actors have claimed this attack and dumped data on their leak site. Preliminary impression is that this dump is mostly district operational and HR files and not student files or records, but it will need more analysis.