Hackers Are Stealing Sensitive Student Data—And Schools are Paying Thousands of Dollars to Get it Back

“These groups are targeting some of the most vulnerable people in the nation—kids.”

FOTOKITA/iStock/GettyImages

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

Earlier this month, students and parents in Johnston, Iowa, received a barrage of threatening text messages. “I’m going to kill some kids at your son’s high school,” one said, according to KCCI, a local Des Moines news outlet. The threats eventually caused the school district to shut schools for a day. And just last month, students and parents around Flathead County, Montana, received similar, “extremely emotionally charged, seemingly real, physical threats,” according to a Facebook post by county Sheriff Chuck Curry. Those threats prompted more than 30 schools in the Columbia Falls district to close for three full days. 

What the parents and students didn’t know at first was that the threats were coming in because a group of hackers had taken over the local school systems’ computer networks. The hackers demanded bitcoin payments or else they would release private student and faculty records.

It’s now clear the group behind the threats in both of these cases was The Dark Overlord, a hacker collective that had previously tried to extort Netflix and ABC. The Daily Beast reported earlier this month that the group has taken responsibility for taking information from the Johnston district in Iowa to send out text messages and that it also claimed it published students’ names, addresses, and phone numbers in Johnston. In Flathead County’s Columbia Falls, Montana, CNN Money reports it demanded $150,000 to destroy the data it acquired after breaking into school servers. If the school didn’t pay up, a ransom note warned the Montana school board, “we will escalate our use of force in a tiered process that will involve an ever increasing level of damage and harm for you.” 

The Dark Overlord, though, is not acting alone. Schools seem to be, as the Wall Street Journal reported this week, the next frontier for hackers vying to exploit sensitive data for money. This infiltration of schools’ servers could result in access to information on students’ names, social security numbers, as well as medical, academic, and disciplinary data, and could open the door for hackers to target and pilfer from teachers’ paychecks. As the Journal reports, cybercriminals have attacked more than three dozen schools so far this year, prompting districts to pay thousands of dollars to hire cybersecurity consultants, get security training for employees, invest in insurance and, in some cases, pay the hackers outright to destroy obtained data. 

The string of incidents caught the attention of the Education Department. On Oct. 16, it warned teachers, students, and parents of the new threat of cyber criminals threatening to release sensitive student records data unless the districts or educational institutions pay up. The department notes in its advisory that at least three states have been attacked by hackers who threatened to release private records if they didn’t receive ransom payments and that the hackers likely target “districts with weak data security, or well-known vulnerabilities that enable the attackers to gain access to sensitive data.” Tiina Rodrigue, a senior advisor for cybersecurity in the Education Department, advised in the note for school tech personnel to conduct security assessments, train staffers on data security practices, and review systems for suspicious activity. 

US law enforcement, the Journal notes, has advised against making ransom payments since such action would raise the risk of further attacks and fund other illicit activity. In the case of Johnston, Iowa, school officials have refused to pay the ransom, despite facing ongoing threats of releasing sensitive data, according to CNN Money. But other districts have defied federal law enforcement advice and have paid off hackers to avoid potential data losses. Last year, for instance, Horry County Schools, a district of 43,000 students in South Carolina, gave about $10,000 in ransom payments in bitcoin to hackers. District officials in Atlanta Public Schools discovered in September that 27 district employees lost $56,000 after hackers re-routed direct deposits away from them. And in August, 46 employees at Georgia’s Fulton County Schools lost about $75,000 after they were tricked into providing a login information through fake phishing emails, the Atlanta Journal-Constitution reports. Both districts reimbursed those employees. 

The FBI is also actively investigating the wave of threats at schools. Steve Daines, a Republican senator from Montana, raised the issue to FBI director Christopher Wray at a hearing in Washington, D.C., at the end of the September. Wray acknowledged that the agency was actively involved in the Columbia Falls case, adding: “It’s no longer just ransomware to a big Fortune 500 company. It’s hospitals, it’s schools in your case—so it’s a threat that is growing.” The FBI is also involved in investigating the Johnston case, according to the Des Moines Register.

“They know that cyber craziness is not our game, and they are winning,” Laura Sprague, a spokeswoman for the Johnston Community School District, told the Journal. “These groups are targeting some of the most vulnerable people in the nation—kids.” 

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with The Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

AN IMPORTANT UPDATE

We’re falling behind our online fundraising goals and we can’t sustain coming up short on donations month after month. Perhaps you’ve heard? It is impossibly hard in the news business right now, with layoffs intensifying and fancy new startups and funding going kaput.

The crisis facing journalism and democracy isn’t going away anytime soon. And neither is Mother Jones, our readers, or our unique way of doing in-depth reporting that exists to bring about change.

Which is exactly why, despite the challenges we face, we just took a big gulp and joined forces with The Center for Investigative Reporting, a team of ace journalists who create the amazing podcast and public radio show Reveal.

If you can part with even just a few bucks, please help us pick up the pace of donations. We simply can’t afford to keep falling behind on our fundraising targets month after month.

Editor-in-Chief Clara Jeffery said it well to our team recently, and that team 100 percent includes readers like you who make it all possible: “This is a year to prove that we can pull off this merger, grow our audiences and impact, attract more funding and keep growing. More broadly, it’s a year when the very future of both journalism and democracy is on the line. We have to go for every important story, every reader/listener/viewer, and leave it all on the field. I’m very proud of all the hard work that’s gotten us to this moment, and confident that we can meet it.”

Let’s do this. If you can right now, please support Mother Jones and investigative journalism with an urgently needed donation today.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate