CNN recently reported that the U.S. Department of Education warned about hackers targeting schools.
The U.S. Department of Education is now warning teachers, parents, and K-12 education staff of a cyberthreat targeting school districts across the country.
So far, at least three states have been targeted by the extortion attempt from hackers asking schools to give them money or the group will release stolen private records, according to the department.
“In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received,” the department wrote in an advisory this week.
Bradshaw, the superintendent of schools in Columbia Falls, Montana, said a hacking group broke into multiple school servers and stole personal information on students and possibly staff. He said after the threatening messages came, hackers asked for ransom.
In a ransom note sent to a number of Columbia Falls school district members and released by the county’s sheriff’s department, the hacking group called the Dark Overlord threatened the district and demanded up to $150,000 in bitcoin to destroy the stolen private data.
Gee, with all of the student data mining and the storing of those records electronically, who is surprised by this development?
The U.S. Department of Education made the following suggestions for school IT staff:
IT Staff at Schools / Districts are encouraged to protect your organizations by
- conducting security audits to identify weaknesses and update/patch vulnerable systems;
- ensuring proper audit logs are created and reviewed routinely for suspicious activity;
- training staff and students on data security best practices and phishing/social engineering awareness; and
- reviewing all sensitive data to verify that outside access is appropriately limited.
One suggestion is noticeably missing…
Stop collecting and storing student data where it can be hacked.