Big announcement on October 16, 2023, by the Clark County School District. “On approximately October 5, 2023, Clark County School District (“CCSD”) became aware of a cybersecurity incident impacting its email environment,” read the statement from the Clark County School District. Just so you know, that’s the benign way of saying, “We were hacked because we weren’t doing our job, and your kid now faces a lifetime worrying that someone is going to ruin their life.” Sorry, kids.
CCSD said that they have diligently worked with a team of forensic experts to minimize the damage and ensure that CCSD’s databases were once again operating in a safe environment. In response to the attack, CCSD disabled access to its Google Workspace from external accounts and has forced reset of all student’s passwords. Problem solved, right?
Not at all. Shortly after CCSD’s announcement, parents reported receiving emails from the hackers telling a very different story. The hackers, calling themselves SingularityMD, informed the parents that their student profiles had indeed been leaked and that had CCSD done nothing to protect the kids. “We, SingularityMD, would like to make a statement for clarification. CCSD did not detect a security issue, we emailed them to tell them we had been in their network for a few months.” The emails contained links to leaked data archives hosted on dark web containing the personal data of 200,000 students.
SingularityMD offered to destroy the data in exchange for one third of the CCSD Superintendent Jesus F. Jara’s salary. Seems like $130,000 wasn’t worth protecting the kids but CCSD didn’t agree and didn’t take the offer. So now 200,000 students have their personal information on the dark web. And it seems like there is more to come. SingularityMD claims they still have access. “The callousness and incompetence of the leadership at CCSD is astounding, not only did they not cooperate, it is clear they did not communicate with principals and have still not plugged their leaky ship, meaning we still have access to the network.”
Today’s Fraud of The Day is based on article “Hackers email stolen student data to parents of Nevada school district” published by Capital News Illinois on October 28, 2023.
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children’s’ data that was allegedly stolen during a recent cyberattack.
CCSD is the fifth largest school district in the US, with over 300,000 students and 15,000 teachers. On October 16, CCSD confirmed it suffered a cyberattack earlier this month, stating threat actors gained access to the district’s email servers.
