Cyber-criminals have exfiltrated data from an Ohio school district and published personal information of faculty, staff, and students online.
According to 13abc news, nearly 9GB of sensitive data belonging to Toledo Public Schools (TPS) has been exposed. Information leaked by attackers includes names, addresses, dates of birth, phone numbers, and Social Security numbers.
The data’s appearance online follows a Distributed Denial of Service (DDoS) attack that was carried out against the TPS system at the beginning of September 2020. The attack on the district’s system forced administrators to temporarily take it offline, disrupting virtual classes.
Since data is not typically stolen in a DDoS attack, it seems that the TPS system was also the victim of another cyber-attack in which malware was introduced that exfiltrated data. Ransomware attacks have occurred at around 70 school districts and colleges this year, according to Emsisoft‘s Brett Callow.
On September 14, ransomware gang Maze claimed to have attacked the Toledo Public School System, but the data dumped as proof of the hit related to a construction firm. However, a subsequent data dump carried out earlier this month by Maze has been confirmed to 13abc by several TPS staff members to contain data that belongs to TPS.
The full extent of the data breach is unclear, as Maze claims to have only published a small portion of the information it has exfiltrated from TPS.
Deputy Superintendent Jim Gant said that TPS had not received any communication or ransom demand from cyber-criminals. The district said it was also not aware of any misuse of the data that it hadn’t even realized had been swiped until contacted by several media outlets on Friday.
Representatives for TPS have pledged to notify and support those affected by the incident and provide credit monitoring services to those affected at some point in the near future. Gant said that administrators would be contacting impacted faculty and staff to notify them of the breach and advise them regarding next steps.
In an email sent to faculty and staff on Monday afternoon, employees were urged by district leaders to monitor their accounts and credit reports for suspicious or fraudulent activity.