#edusec


Uvalde CISD in Texas will be closed for a few days while the district investigates a ransomware attack.

They have not disclosed whether there was any ransom note, and if so, who signed it.

KSAT reports, "The ransomware detected by the district is affecting several essential online systems, including phones, thermostats, camera monitoring and visitor management systems, among critical services, the district said." ksat.com/news/local/2025/09/13

It is not clear whether the attackers know Uvalde's tragic history of one of the worst school shootings in this country's history, where 19 children and 2 teachers were murdered and more than a dozen others were injured.

Do attackers really think that a district that has gone through so much is going to pay a ransom? Or did they just not know?

If they didn't know, I hope they find their souls and just give the district a decryptor and help.

If they knew and didn't/don't care, may they rot in Hell.

#EduSec #databreach #ransomware #cybersecurity #Uvalde

@douglevin @funnymonkey @brett @mkeierleber

KSAT San Antonio · Uvalde CISD to close most of next week due to ransomware issue · By Ivan Herrera

In other news, water remains wet. ico.org.uk/about-the-ico/media #edtech #edusec @PogoWasRight @brett @funnymonkey

EDIT: I honestly do not understand why students hacking their own schools seems to be such a big news story. It is hardly new and extremely commonplace - and has been for years. Significant school cyber incidents have been attributed to students. Is this not understood more widely? What is it about this notion that is new or novel to folks? I honestly don't understand.

ico.org.uk · Insider threat of students leading to increasing number of cyber attacks in schools · Over half of school insider cyber attacks caused by students

The Muscogee County School District attack by Safepay in December 2024 has now been reported to the Maine Attorney General's Office as affecting 34,056 people.

It is hard to be sure from the notification letter because it uses variables, but the sample letter seems targeted to adults/employees rather than students or parents (unless there's a second letter that we are not seeing).

maine.gov/agviewer/content/ag/

I went to SafePay's site and it looks like they leaked the data on August 7. So far, there have been only a few downloads or attempted downloads of the compressed archive, but the download failed when I tried it so I'm not sure how big it is or what's in it at this point.

@douglevin @funnymonkey

www.maine.gov · Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches

@douglevin @funnymonkey

So let's attack school districts during summer vacation when staff may be away, right?

I've been swamped with other work and haven't had time to look into any of the following claimed or reported breaches, but here are some names of districts I've seen mentioned in the past few days:

Fort Smith Schools -- Qilin

Radford City Schools -- INC ransom
Franklin Pierce -- Medusa

Winner School District 59-2 -- Beast
Traverse City Area Public Schools -- Medusa
Ridgefield Schools -- ransomware attack reported in news

The St. Lawrence Lewis Board of Cooperative Educational Services ("BOCES") in New York has reported a breach that impacted 10,993 people. The types of information involved included: SSN, name, address, DOB, tax identification number, medical information, and financial account information.

The "cybersecurity incident" was discovered on August 12, 2024 and just reported this week to the Maine Attorney General's Office, although letters were sent out to those affected in June.

maine.gov/agviewer/content/ag/

#databreach #EduSec #cybersecurity

@douglevin @funnymonkey

www.maine.gov · Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches

The Clearbrook-Gonvick School District in Minnesota has disclosed a breach that occurred in October 2024. The types of information involved included names, Social Security numbers, driver's license or state ID numbers, individual taxpayer identification numbers, financial account information, and student identification numbers.

markets.financialcontent.com/s

#databreach #Edusec #cybersecurity

@douglevin @funnymonkey

markets.financialcontent.com · Notice of Data Privacy Incident

Breaches have consequences (sometimes):

"On Monday, the North Carolina State Board of Education approved a six-month, roughly $270,000 contract with PowerSchool for professional evaluations and onboarding services. The contract, NCDPI noted, isn’t related to the student information system, which was hacked in December. That system’s contract will expire at the end of June and won’t be renewed."

wect.com/2025/06/25/ncdpi-rene

#databreach #PowerSchool #EduSec #cybersecurity

@douglevin @funnymonkey @mkeierleber @brett

You may know this already, but in case you didn't: Threat actors have leaked some data from 2 more K-12 public school districts this week:

Some personal info on students at Coweta County School System was leaked by Nitrogen as proof of claims. I googled the parent information and found an exact match for name, address, and phone number.

Data from Kalamazoo Public School District was leaked by InterLock. InterLock claimed to have acquired 1,420 GB of data consisting of 724,477 Files and 82,820 Folders. It looks like they leaked it all but I didn't attempt to validate any data.

@douglevin @funnymonkey

Replied in thread

@FritzAdalis @scottwilson

That's not accurate. The Information's wording and organization may have confused people.

Para 5 in the Information is about Employee 1, a contractor who worked for PowerSchool. The Information does not say Employee 1 was a telco (Victim 1) employee or that their PS credentials were acquired as part of the telco breach. Para 5 is unrelated to Para 4.

The Employee 1 creds used to access PowerSchool were acquired at a separate time and unrelated to the telco breach. I confirmed that with a source with knowledge of the incident.

The Information: justice.gov/usao-ma/media/1400

Also of note: the Information makes no mention of the second round of extortion attempts, which may mean that DOJ had no evidence connecting Lane to the second set of extortion demands. The second round of extortion demands purported to be from "ShinyHunters," but whether they really were or not has yet to be publicly confirmed or refuted by law enforcement.

#databreach #EduSec #PowerSchool

@douglevin @funnymonkey @mkeierleber @campuscodi

@scottwilson I had the same reaction. I even emailed the Media contact for the Massachusetts USAO to ask why the information included enhanced sentences for use of "special skills" and use of "sophisticated means" under USSG § 3B1.3 and USSG § 2B1.1(b)(10)(C), respectively.

What "special skills?"

What "sophisticated means?"

I suspect they won't really answer me, but... I had to ask.

#databreach #PowerSchool #EduSec #cybersecurity

UPDATING: The USAMA responded:

"The only information we can provide is that publicly available in the court filings - which are linked in the press release. Apart from that we have no comment. Thank you. "

Someone find me a good "shocked look" emoji, please.