Hackers have leaked private data about students and employees of Nevada’s Clark County School District, which includes Las Vegas, after school officials declined to pay ransom, The Wall Street Journal reports.
The hackers reportedly released Social Security numbers, addresses, and retirement information about district employees, as well as files on students that included their names, dates of birth, addresses, schools, and even grades, according to the report. The report includes a redacted screenshot of a school district personnel file said to have been posted online by the hackers.
The district didn’t immediately confirm the nature of the data affected by the hack.
“National media outlets are reporting information regarding the data security incident CCSD first announced on Aug. 27, 2020,” the district said in a statement shared with Fast Company. “CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement. The District is unable to verify many of the claims in the media reports. As the investigation continues, CCSD will be individually notifying affected individuals. CCSD values openness and transparency and will keep parents, employees and the public informed as new, verified information becomes available.”
The district referred us to a document that refers to data about “individuals, including certain current and former employees” but doesn’t specifically mention students.
Ransomware attacks on government agencies, including school districts, have been a growing problem in recent years, as have attacks that release data rather than simply encrypting it, presumably to inspire victims to pay the ransom.
Another ransomware attack recently struck Tyler Technologies, a software vendor that supplies government agencies—including schools and agencies that display voting results—although it doesn’t provide software actually involved in voting or tallying votes. Some clients have reportedly noticed “suspicious logins” to their systems, and the company has urged its customers to change their passwords.