Privacy & Security

Hackers Post 26,000 Broward School Files Online After District Doesn’t Pay Ransom

By Scott Travis, South Florida Sun-Sentinel — April 20, 2021 3 min read
Image shows a glowing futuristic background with lock on digital integrated circuit.
  • Save to favorites
  • Print

Hackers who demanded up to $40 million from the Broward School District have now published nearly 26,000 files stolen from district servers.

An initial review by the South Florida Sun Sentinel found a few isolated incidents where confidential student or employee information was released, but none that contained Social Security numbers.

The 25,971 files, which are dated from 2012 to March 2021, contain mostly district accounting and other financial records, including invoices, purchase orders, travel and mileage reimbursement forms and forms used to dispose of surplus inventory at schools.

The international malware group Conti posted the files Monday after the district refused to pay millions in ransom. Last month, the hackers posted a transcript of a conversation with an unidentified representative of Broward schools, which offered to pay the hackers $500,000 on March 26 to retrieve data. The hackers initially demanded $40 million but dropped the price to $10 million.

The district, which announced March 31 it had no intention of paying a ransom, “is aware of the recent actions taken by the criminals who breached our system,” according to a statement Monday from the office of Chief Communications Officer Kathy Koch.

“With the assistance of outside experts, the district has implemented a plan to analyze the content to determine what further action is necessary,” the statement said, adding that the district will notify any individuals whose personal information was shared.

“Cybersecurity experts are continuing to investigate the incident and enhance measures system-wide,” the statement said.

The district has published questions and answers about the breach on its website at browardschools.com.

The data published includes more 750 employee mileage reports, 36 employee travel reimbursement forms, more than 700 invoices for spring water, more than 1,000 invoices for school construction work, about 400 payments to Broward Sheriff’s Office or local police departments for security, dozens of utility bills and several employee phone lists.

See Also

Conceptual image showing varying shades of blue and white numbers representing data and a lock with a computer's power button inside the lock's key hole.
Vitalii Gulenok/iStock/Getty Images Plus

The vast majority of the information released appears to be public records. But there were some instances of confidential information being shared:

  • A March 2020 invoice for $14 from the state Health Department includes the name and date of birth of a 9-year-old student who was being examined for a disability.
  • A report about missing equipment includes a December 2018 letter from a mother whose son took a laptop from his class and switched the inventory tag from his computer after he broke his device. The names of the mother and student are included.
  • Several invoices name bus drivers who visited urgent care centers, both for state-required physicals and other matters.
  • Several documents list employee benefits, including a policy summary of an employee’s life insurance coverage and a listing of another employee’s health insurance coverage.

“It doesn’t sound like it was that big,” said Jorge Orchilles of Weston, chief technology officer for the cybersecurity company Scythe. “It looks like they made the right decision not to pay ransom. At this point, there’s no point in paying it because all the information is already out there.”

However, the hackers say on their website they may have more information.

“If you are a client who declined the deal and did not find your data on cartel’s website or did not find valuable files, this does not mean that we forgot about you,” the website says. “It only means that data was sold and only therefore it did not publish in free access!”

The district’s Chief Information Officer Phil Dunn warned the School Board last week that a new cyber-attack could be devastating, affecting the district’s ability to pay employees or even keep schools open. He requested $20 million to enhance the district’s cyber-security efforts. The School Board plans to make a final decision in the coming weeks.

There have been at least 21 successful ransomware attacks in the U.S. education sector so far in 2021, disrupting 550 schools, said Brett Callow, a threat analyst for the anti-malware company Emsisoft. He said data was stolen from at least seven of those school districts.

Copyright (c) 2021, South Florida Sun Sentinel. Distributed by Tribune Content Agency.


Commenting has been disabled on edweek.org effective Sept. 8. Please visit our FAQ section for more details. To get in touch with us visit our contact page, follow us on social media, or submit a Letter to the Editor.


Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Teaching Webinar
6 Key Trends in Teaching and Learning
As we enter the third school year affected by the pandemic—and a return to the classroom for many—we come better prepared, but questions remain. How will the last year impact teaching and learning this school
Content provided by Instructure
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Ensuring Continuity of Learning: How to Prepare for the Next Disruption
Across the country, K-12 schools and districts are, again, considering how to ensure effective continuity of learning in the face of emerging COVID variants, politicized debates, and more. Learn from Alexandria City Public Schools superintendent
Content provided by Class
Teaching Profession Live Online Discussion What Have We Learned From Teachers During the Pandemic?
University of California, Santa Cruz, researcher Lora Bartlett and her colleagues spent months studying how the pandemic affected classroom teachers. We will discuss the takeaways from her research not only for teachers, but also for

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Spotlight Spotlight on Lessons Learned: Digital Safety
In this Spotlight, review ways you should be approaching student and system data, discover how others teach digital safety, and more.
Privacy & Security Quiz Quiz: How Much Do You Know About Protecting Students During Remote Learning?
Quiz Yourself: What should you know about storing video content involving students?
Privacy & Security Spotlight Spotlight: Online Student Safety
In this Spotlight, assess possible digital vulnerabilities, learn how students may be partaking in digital self-harm, and more.
Privacy & Security Teachers Are Watching Students' Screens During Remote Learning. Is That Invasion of Privacy?
The tools help teachers keep remote students on track and pinpoint who needs help. Some parents and students worry about over-surveillance.
16 min read
Image is a close up of an illustrated robotic eyeball.
Brandon Laufenberg/DigitalVision Vectors