Nearly 6,700 people lost personal data in Des Moines Public Schools ransomware attack

Iowa's largest school district announced on Monday that it is reaching out to those impacted by a cyberattack that happened earlier this year.

Iowa’s largest school district, Des Moines Public Schools, confirmed on Monday that the cyber incident that occurred on Jan. 9, 2023, was, in fact, a ransomware attack that “may have” resulted in lost data belonging to nearly 6,700 individuals.

According to the announcement on the district’s website, the investigation is ongoing, but they’ve determined that “some data was exposed during the attack.” However, there is no evidence of financial fraud or identity theft associated with the breach.

As a result, those impacted will be receiving a letter this week clarifying the type of data that may have been compromised. The district is also offering complimentary credit monitoring services.

“We want to express our deepest gratitude to everyone for their patience and understanding as we address this unfortunate incident,” said Matt Smith, interim superintendent of DMPS. “Data breaches have become all too common for public agencies and private businesses alike, and we recognize the impact they can have on individuals.”

Immediately after the attack, the district canceled all classes for a week as internet and network services were taken offline during the initial investigation. DMPS is just one of several Iowa schools and organizations that have been seriously impacted by cybersecurity attacks in recent years, including Des Moines Area Community College, the Des Moines Register reports.

One threat analyst from Emsisoft, an anti-virus software distribution company, estimates that at least 37 K12 school districts have experienced a ransomware attack this year alone, compared to an overall tally of 45 throughout the 2022 school year, according to an Emsisoft report published earlier this year.




One of the most significant victims of last year’s plague of threats was the Los Angeles Unified School District, the second-largest district in the U.S. Soon after the attack, the FBI, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center issued a joint advisory cautioning school districts to prepare for an anticipated uptick in ransomware attacks.

Most recently, CISA updated its #StopRansomware guide in May in response to continued ransomware and double extortion events plaguing K12 schools. The recommendations cover best practices for ransomware and data extortion prevention as well as a checklist district and IT leaders can follow.

As leaders prepare for the 2023-24 school year, here’s what the guide offers to leaders wanting to improve their prevention methods:

  • Recommendations for preventing common initial infection vectors, including advanced forms of social engineering and compromised credentials.
  • Updates to recommendations for addressing cloud backups and zero trust architecture (ZTA).
  • An expanded ransomware response checklist to include threat-hunting tips for detection and analysis.
  • Mapped recommendations for CISA’s Cross-Sector Cybersecurity Performance Goals (CPGs).
Micah Ward
Micah Ward is a District Administration staff writer. He recently earned his master’s degree in Journalism at the University of Alabama. He spent his time during graduate school working on his master’s thesis. He’s also a self-taught guitarist who loves playing folk-style music.
