A hacker published documents containing Social Security numbers, student grades and other private information stolen from a large public-school district in Las Vegas after officials refused a ransom demanded in return for unlocking district computer servers.
The illegal release late last week of sensitive information from the Clark County School District in Las Vegas, with about 320,000 students, demonstrates an escalation in tactics for hackers who have taken advantage of schools heavily reliant on online learning and technology to run operations during the coronavirus pandemic. The release of the district’s information is being reported for the first time by The Wall Street Journal.
Hackers have attacked school districts and other institutions with sensitive information even before the pandemic, typically blocking users’ access to their own computer systems unless a ransom is paid. In those instances, the so-called ransomware crippled the district’s operations but hackers didn’t usually expose damaging information about students or employees.
“A big difference between this school year and last school year is they didn’t steal data, and this year they do,” said Brett Callow, a threat analyst for cybersecurity company Emsisoft, who said he was able to easily access the Clark County data on a hacker website. “If there’s no payment, they publish that stolen data online, and that has happened to multiple districts.”