weather icon Clear

Some CCSD parents get suspicious email with information about their kids

Updated October 26, 2023 - 5:12 pm

Some Clark County School District parents say they received a suspicious email Wednesday — just weeks after a cybersecurity incident — that included personal information about their children.

Last week, the district announced that it was affected by a “cybersecurity incident impacting its email environment” that occurred around Oct. 5 and said a “comprehensive assessment” was ongoing.

A few people posted in the “CCSD Parents” Facebook group Wednesday saying they received an email telling them that private information had been leaked. Two of the parents posted screenshots of an identical email.

Brandi Hecht — who has three children in the district — said she received the email, which included one PDF file for each of her children.

Information included her children’s pictures, identification numbers, email and home addresses and sibling information.

‘Between shock and being scared’

Hecht said her reaction to receiving the email was “between shock and being scared.” She said the email didn’t include information about her children’s individualized education programs.

“I’m worried about that next,” she said.

Hecht said she’s more concerned about the release of her children’s address and pictures.

“We live in one of the biggest cities for human trafficking and that terrifies me,” she said.

The email is dated Wednesday, and the sender’s name is listed as “Cadence Martin” with an email address domain appearing to be affiliated with the Coalinga-Huron Unified School District in California.

The message reads: “I’m so sorry to tell you this but unfortunately your private information has been leaked. You should probably change your information in CCSD systems if that is possible.”

“There are over 200,000 student profiles like this which have been leaked now by the hackers,” the message states. “Be careful out there. Don’t shoot the messenger!”

The Clark County School District didn’t answer Las Vegas Review-Journal questions Wednesday or Thursday about the suspicious email. It’s unknown how many parents received it.

The district, though, provided a copy of a Thursday email to parents with an update on the cybersecurity incident.

In the email, the district said that the investigation into the cybersecurity incident is ongoing and that it has not received any reports of related identity theft.

“CCSD continues our engagement with a team of forensic experts to investigate this incident and operate within a safe online environment,” the email stated. “CCSD is cooperating fully with the current FBI investigation.”

The district is still working to identify everyone whose information was affected by the incident, according to the email.

Those affected will receive a notification letter via mail outlining steps to protect their information.

The district said parents who have questions can call an assistance line at 888-566-5512 from 6 a.m.-6 p.m. Monday through Friday, excluding holidays.

California connection

Coalinga-Huron Unified School District Superintendent Lori Villanueva said Thursday that she’s aware of the incident and the district has been in contact with the Clark County School District’s information technology department.

She said a student account was breached and emails were sent out.

Villanueva said the district — which has nearly 5,000 students near Fresno — has notified parents and is deciding whether additional security measures are needed.

The Clark County School District hasn’t released details about what information may have been compromised in the cybersecurity incident or whether it’s a ransomware attack.

After receiving the suspicious email Wednesday, Hecht made multiple phone calls — including to her child’s school and the district — before being referred to the district’s help desk.

Hecht said she was given a ticket number and was told she was the first one who had reported the email.

Additional security measures

In a Wednesday night email to employees, the district wrote that it expected to restore employee access to Google Workspace for off-site users beginning at 5 p.m. Wednesday.

The district wrote that it expected “fully restored access” to be available by Thursday.

For more than one week, students and employees only had access while connected to the district’s internet in schools and administrative buildings.

The district also implemented a forced password change for students, but some haven’t been able to access their emails and online class materials.

Hecht said her children didn’t get into their Google accounts until Thursday morning. And she said her homebound sixth grader hadn’t been able to do schoolwork for nine days as a result.

The Wednesday message to employees outlines additional Google Workspace controls that will be implemented “in an effort to safeguard our data and communication.”

That includes requiring multi-factor authentication. That typically means multiple steps to log in, such as entering a code received via text message, in addition to a password.

“Individual staff user accounts already require this,” according to the message. “Implementation of this for shared and generic accounts will begin.”

Multi-factor authentication won’t be required for student accounts, the district wrote.

Other changes include no longer allowing employees to automatically forward emails to another address.

Elementary and middle school students won’t be able to share documents with anyone outside the district. High school students can continue doing so “until further analysis of the impact can be determined,” the district wrote.

Students also won’t be able to create shared drives or Google Groups.

Contact Julie Wootton-Greener at jgreener@reviewjournal.com.

Don't miss the big stories. Like us on Facebook.