Midlands School District Stands Firm Against Hacker Ransom Demand

Midlands school officials opted not to pay a ransom demanded by foreign hackers following a significant cyber attack that compromised student data and disrupted district operations. Superintendent Akil Ross disclosed this decision during a virtual town hall meeting with parents on Tuesday. The cyber incident, which occurred in June 2023, resulted in the temporary shutdown of internet access across district facilities and delayed the start of high school summer classes in the Chapin and Irmo areas.

During the town hall, cybersecurity expert and former FBI agent Jack Jupin supported the district’s refusal to comply with the hackers’ demands. “I tell my clients not to pay,” he explained. “If you pay, it just perpetuates the problem. Now they wait six months and do it again, because maybe you’ll pay the second time.”

The hackers gained access to the school’s systems when an employee inadvertently opened a phishing email. This method, increasingly common among cybercriminals, exploits human error to infiltrate secure networks. The attack not only led to operational disruptions but also delayed year-end bonuses for teachers and staff, as Ross noted the district lost access to its systems early in the morning of the breach.

The exact ransom amount requested by the hackers has not been disclosed. However, the school district confirmed in a press release earlier this month that sensitive information, including names, addresses, and Social Security numbers, was posted on an online forum associated with cybercriminal activity. Jupin remarked that the hackers are typically less interested in individual data and are primarily motivated by financial gain. “This was an attack on your school district. They wanted the money,” he stated.

In response to the breach, Lexington-Richland 5 announced it would provide credit monitoring and identity theft protection for the individuals affected, as well as for all current staff members. Although the district has not confirmed if staff information was compromised, Ross stated that the monitoring would adhere to state law, which mandates coverage for a minimum of 12 months. This duration could be extended if stolen information is detected being used.

The investigation into the data breach is ongoing, with local, state, and federal law enforcement agencies involved. Ross emphasized the importance of maintaining confidentiality about specific details that could jeopardize the investigation or expose further vulnerabilities in the district’s systems.

The district is currently sifting through over 1.03 terabytes of data linked to the breach. Ross compared this volume to approximately 1,200 jump drives of information. The costs associated with credit monitoring services will be covered by the district’s cybersecurity insurance, which had previously seen a reduction in co-pay from $100,000 to $25,000 due to successful security assessments.

As the community seeks guidance on safeguarding personal information, Jupin recommended that those affected should reach out to credit bureaus such as Equifax, Experian, and TransUnion for heightened monitoring of financial transactions. The district encouraged parents and community members to direct further inquiries to their official channels as they navigate the aftermath of this cyber attack.

The incident highlights the increasing prevalence of cyber threats targeting educational institutions, necessitating robust security measures and community awareness to protect sensitive information.