The Alabama State Department of Education (ALSDE) narrowly avoided a crippling ransomware attack on June 17, but not before hackers breached sensitive data, raising concerns about the security of student and employee information.
While ALSDE officials successfully prevented a complete system lockdown, they acknowledged in a statement earlier this week that the attackers gained access to some data before being stopped. The department is currently working with federal law enforcement to investigate the scope of the breach and determine what information was compromised.
Education Ransomware Attacks Soar
The incident comes amidst a wave of cyberattacks targeting educational institutions across the United States. In fact, 2023 was the worst ransomware year on record for the education sector, with a 92% spike.
Although the attacks were carried out by several ransomware gangs, LockBit and Rhysida (a rebrand of Vice Society) had the lion’s share of 2023 attacks, with half credited to them. While ransomware attacks against education are a global phenomenon, the U.S. education sector has faced 80% of known attacks.
Scope of Alabama Education Department Breach Unknown
The exact nature of the stolen data remains unclear. ALSDE has not confirmed the type of information compromised, but at a press conference, State Superintendent Eric Mackey warned that student and employee data, including “some personally identifiable information,” may have been accessed. The department has set up a dedicated webpage, alabamaachieves.org/databreach, to provide updates on the investigation.
While ALSDE has taken steps to mitigate the damage, several questions remain unanswered. The investigation into the attack is ongoing, and the department has not responded to requests for further details about the compromised data. The potential impact on students, families, and school employees will depend on the nature and volume of the information accessed by the attackers.
The department reiterated its firm stance against negotiating with cybercriminals. We have taken the position not to negotiate with foreign actors and extortionists,” the department’s statement said, reflecting growing law enforcement guidance against feeding the ransomware ecosystem.
Importance of Data Backups for Ransomware Protection
Despite the breach, ALSDE was able to restore its systems and data using clean backups, highlighting the importance of robust data backup and recovery strategies for organizations of all sizes.
The incident underscores the need for educational institutions to invest in cybersecurity measures to protect sensitive student and staff data, and serves as a stark reminder of the growing cybersecurity threats faced by educational institutions. As schools continue to collect and store sensitive student data, robust cybersecurity protocols and incident response plans are critical to safeguard this valuable information.