The LockBit ransomware group has claimed responsibility for the alleged Shore Regional High School District cyber attack.
In a post on their leak site, the group shared the logo of the school and a link to the official website with a ransom payment deadline of 19 May 2023, indicating possible ransom talks. Shore Regional High School is based in New Jersey, United States.
Shore Regional High School cyber attack
Neither the Shore Regional High School cyber attack nor the claims of ransom demand have been confirmed by the school. The Cyber Express has emailed the school for confirmation; however, we are yet to receive a response.
The official website of the Shore Regional High School was accessible at the time of publishing this report.
According to the ransomware group’s post, the stolen data from the Shore Regional High School District cyber attack was uploaded on 18 May, indicating that the hackers have only offered a day’s time for payment.
The ransomware post concluded with a warning that read, “All available data will be published.”
Shore Regional High School cyber attack and the larger picture
The implications of a cyber attack on a school district are heavy because it exposes countless students with one data breach such as the alleged Shore Regional High School cyber attack.
In nearly 2691 data breaches in the U.S. impacting educational institutions between 2005 and mid-March 2023, over 31,988,437 individual records have been stolen and exposed. Among these, 51% of incidents exposed K-12 while 83% impacted post-secondary institutions.
“Predictably, California takes the top spot for the number of records affected with over 2.9 million impacted in total,” a Comparitech blog read.
“Massachusetts, Georgia, Washington, Missouri, and New York are the only other states to have had over 1 million records impacted in these kinds of breaches,” the blog further added.
Globally, it has been observed that 56% of K-12 schools reported suffering a cyber attack, in the year 2022. 64% of colleges and universities reported cyber attacks in 2022 according to a survey of 31 countries’ IT professionals.
Repercussions of school data breaches and leaks
There have been incidents where the hackers have initiated direct communications with students to threaten them after a cyber attack on their school.
Student data is considered sensitive as it can lead to financial losses and identity theft wherein ransom or money is demanded as a routine cybercrime path criminals follow.
On a deeper level, they may impersonate the pupil to gain access to their personal identifiable data, among others to create fraudulent and duplicate ID cards, bank accounts, sim cards, etc., to conduct crime in their name.
School data breaches: All it takes is one wrong click
Most cyber attacks are successful because a malware-infected link sent via email, SMS, or WhatsApp message, was opened and accessed by the target.
A click can allow access to the entire device. Moreover, using legacy devices that have been left unpatched or have pending security updates by the vendor is also a major cause of cyber attacks.
School staff including students must be trained not to share their login credentials on social media or anywhere else.
They must also be trained to maintain basic cybersecurity by opting for automatic updates for software on all their devices and being aware of how to report suspicious callers and email spammers.
Spammers send millions of emails however, even if a small percentage of the receivers open them and follow the instructions asking to update accounts, passwords, or confirm other details besides downloading ‘urgent’ emails, it works in favor of the hackers.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.