Middlesex County Public Schools (MCPS) officials reported on Thursday, June 15, that there is no evidence that cybercriminals who claim to have stolen MCPS data have actually done so.
Two weeks ago, an Akira ransomware group claimed on the “dark web” to have hacked the MCPS website, allegedly stealing 543 gigabytes (GB) of its data.
MCPS School Superintendent Dr. Tracy Seitz wrote in an email to “parents and families,” that “we are writing with an important update following the recent cybercriminal attack against MCPS.
“Thank you for your patience and cooperation as our team has worked with leading cybersecurity experts to restore our systems and to partner with federal and state law enforcement in their investigations,” she wrote.
“While the threat actor claims to have stolen files from our systems, we still do not have evidence of their removal. Further, there is no evidence at this time that any student’s personal information has been or will be misused.
“With that said, among the files that the cybercriminal claims to have stolen from our systems are a few that contain medical information necessary for MCPS teachers to safely provide educational services to students,” she wrote.
“Examples include information pertaining to some students’ allergies, asthma, diabetes and/or IEP (Individualized Education Plan) documentation. In accordance with Virginia law as well as with the intent to be a good steward of communicating the information currently available to us, we will formally notify by U.S. mail 145 families of children whose information is potentially impacted,” wrote Dr. Seitz.
“Out of an abundance of caution, we are providing free identity monitoring services for one year to the affected students. It may take some time before they receive this information by mail, but rest assured that the protections provided extend retroactively to the date of the incident,” she said.
“If you do not receive a formal notification by U.S. mail, you are not believed to be affected at this time. We are continuing our work to confirm the full scope of the attack and will communicate directly with any affected individuals not covered by this upcoming notification.
“All of us at MCPS remain grateful and committed to our families, students, teachers, and faculty through this difficult time. Thank you for your understanding, patience, and support,” said Dr. Seitz.
This is the second alleged ransomware attack at a Virginia public school in recent months. Franklin County Public Schools (FCPS) system was the victim of an attack that forced the closing of the school May 15, while a team worked to address the issue.
Franklin school officials stated students were back in school on May 16 and no ransom was paid to the cyber attackers.
