weather icon Partly Cloudy

Hackers claim to have uploaded data obtained in CCSD security breach

Updated September 28, 2020 - 1:43 pm

The hacker group behind the Clark County School District’s security breach claims to have uploaded all of the stolen data to its website — including information on current and former employees such as names and Social Security numbers.

An update posted to the group’s website last week claims that 100 percent of the data from the Aug. 27 attack has been uploaded — though ultimately only the criminals and possibly the district would know if that’s true, said Brett Callow, a threat analyst at cybersecurity company Emisoft.

A Wall Street Journal report over the weekend said the data includes student names and grades and was published because the ransom demanded by the group had not been paid. District officials have not answered questions from the Review-Journal about whether it had paid any money to the group.

In a statement Monday morning, CCSD representatives said the district is not able to verify the claims about the attacks in national media reports but will notify affected individuals as the investigation continues.

“CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement,” the statement said.

A hotline for affected parties has been set up at 888-490-0594, though one former employee reported to the Review-Journal that he could not reach a representative on the line last week.

The district is facing a lose-lose situation, said Callow, and whether it pays the ransom or not must grapple with the fact that it has had a breach.

The group behind the hack has also targeted schools in Fairfax, Virginia, and Toledo, Ohio, he said, and local governments across the country have also had their data stolen and published.

“If the organization doesn’t pay, the stolen data will be published in a series of installments. If the organization pays, it will simply get a pinky promise from the criminals that the stolen data will be destroyed and not misused,” Callow said. “One thing that should be kept in mind is that ransomware is only a problem because organizations pay ransoms. If nobody paid, there’d be no more ransomware.”

Contact Aleksandra Appleton at 702-383-0218 or aappleton@reviewjournal.com. Follow @aleksappleton on Twitter.

Don't miss the big stories. Like us on Facebook.