Hackers Post Data Stolen From Fairfax Schools In Ransomware Attack

The school system says it’s working with the FBI and other cybersecurity consultants to investigate malware on its technology system.

Tyrone Turner / WAMU/DCist

This story was updated on October 11th

Hackers have posted stolen information from Fairfax County Public Schools employees and students on the dark web, school officials confirmed Friday.

Hackers published stolen data Friday evening, officials say, but they did not specify exactly what, or how much, personal information was compromised.

The ransomware attack was first reported a month ago. At the time, hackers claimed to have posted 2% of stolen data online, according to Infosecurity Magazine.

“We deeply regret that this has occurred and are committed to supporting you,” Fairfax Superintendent Scott Brabrand wrote in a letter to staff and families. “We are working around the clock to identify the information that was taken and will notify impacted individuals as appropriate.”

School officials say “only a subset” of people — including a limited number of students — have been affected, according to an FAQ page on the data breach. In response to the hack, FCPS says it will offer free credit monitoring to all employees and their spouses.

Brabrand also confirmed that the cyber criminal group Maze has claimed responsibility for the ransomware attack. He said FCPS is assisting the FBI and the Virginia State Police in their investigations.

“In the midst of all the challenges posed by virtual learning and the pandemic, cyber criminals have been targeting educational systems around the country in an attempt to disrupt operations,” Brabrand said.

Fairfax schools suffered from technology and security blunders earlier this year, when the district first attempted distance learning in the spring. There does not appear to be any link between those challenges and the ransomware attack, according to the FAQ.

Original:

Fairfax County Public Schools is investigating a ransomware attack on its technology system. A hacking group says it stole information from the school district.

“We are taking this matter very seriously and are working diligently to address the issue,” FCPS said in a statement on Friday.

Fairfax schools said the system “may have been victimized by cyber criminals who have been connected to dozens of ransomware attacks in other school systems and corporations worldwide.” In a ransomware attack, the hackers demand payment and threaten to post stolen information online.

On Saturday, FCPS said the hack didn’t disrupt distance learning, and students and staff should continue using their devices for school, unless contacted by district officials. A school district spokeswoman later said she did not believe the issue would impact distance learning in the future.

Students in Virginia’s largest school system began the new school year last week with all remote classes. The district has 189,000 students enrolled.

The scope of the hack remains unclear, but the district says it is working with the FBI and its own cybersecurity consultants to investigate the hack and determine the “extent of any possible data compromise.” FCPS said it retained leading experts to help with the investigation.

The school system also said that, if it determines anyone’s personal information has been compromised, it will notify individuals “as appropriate.”

Infosecurity Magazine reports that the ransomware group MAZE took responsibility for the hack and posted a zip file with some of the district’s information. The group says it has posted 2% of the stolen material so far, according to Infosecurity.

Fairfax County also experienced serious technical troubles earlier this year as it first converted to virtual school. After a series of technology failures and online chats flooded with harassing messages, the district was forced to pause real-time learning while it transitioned to a new online learning platform, and the long-time head of IT stepped down.

Over the past two weeks, schools throughout the D.C. region have started a new year of distance learning. In D.C., Maryland and Northern Virginia, some students experienced various technical glitches.

The most common issues were tech-related, as some families struggled to log into virtual class. In Loudoun County, however, classes were disrupted during the first week of school when several students used racist slurs in class, showed sexual or racist images on screen, or joined online sessions in classes or schools other than their own.

This story was updated to reflect that some of the data has been posted online.

Filed Under: fairfax county, fairfax county public schools, fairfax schools, schools,

Hackers Post Data Stolen From Fairfax Schools In Ransomware Attack

Hackers Post Files And Data Stolen From D.C. Police After Ransom Negotiations Allegedly Fail

Hackers Pull Back On Threat To Release Stolen D.C. Police Files, City Officials Decline To Say Whether Ransom Paid

Howard U. Will Resume In-Person Classes Wednesday, As Investigation Of Ransomware Attack Continues

Hackers Say Negotiations With D.C. Over Stolen Police Data At ‘Dead End,’ Threaten Public Release