Ransomware Attack Information
UPDATE: THURSDAY, FEBRUARY 16, 2023
The investigation into the ransomware incident that occurred on November 13, 2022 has been completed. Third-party cybersecurity investigators determined a very small number of individuals had some data improperly accessed and/or acquired. However, our investigation found no evidence to suggest the vast majority of data was affected as a result of this incident. The investigation found no evidence of, nor have we heard any instances of, any data actually being misused, for example, for identity theft or other fraudulent activities.
The individuals whose data may have been affected as a result of this incident were verbally notified late last week. Additionally, in compliance with our legal obligations, JCISD will be mailing notification letters and providing free credit monitoring to those individuals whose sensitive information was impacted. If you have not heard from JCISD administration, there is no evidence to suggest your data was impacted.
That being said, this does not mean that the impacted individuals' information was released on the dark web, nor is it inevitable that it will be released on the dark web. It simply means that the evidence suggests the threat actors had information from the impacted individuals in their possession or could have had it in their possession. There is no way to know if this evidence is definitive; it is possible that more information was exposed than the evidence suggestions. The only way to have definitive information about whose information was impacted is to actually see it exposed on the dark web. At this point, there is no evidence to suggest information from our systems has been posted to the dark web, and there is no evidence to suggest that more individuals beyond those already contacted were impacted. However, if new information was to come to light, we would act appropriately in alignment with our legal obligations.
In a positive development, the FBI and Department of Justice announced in late January that they had disrupted the ‘Hive ransomware group’. This group was responsible for our incident, and affected more than 1,500 other victims. We are thankful to law enforcement for the opportunity to cooperate in our investigation, and for the great work in taking down a malicious cyber criminal group.
Jackson County ISD wants to thank everyone for their patience and understanding as we worked to resolve this incident and complete our investigation. Providing a high-quality learning environment for our students is our number one priority, and we could not have gotten back as quickly as we did without all of your support. With the support of third-party experts, we have been able to learn from this incident in order to enhance and further strengthen our cybersecurity procedures across the district.
On Sunday, November 13, 2022, the Jackson County Intermediate School District was the victim of a ransomware attack, causing a systems outage that affected critical operating systems in schools across Jackson and Hillsdale counties. Immediately upon discovering suspicious activity, systems were taken offline in order to contain the incident. We engaged external cybersecurity advisors to investigate and assist in the safe restoration of our systems. State and federal law enforcement were also notified.
Schools were closed for three days due to the attack. During that time, we prioritized bringing essential systems back online in order to allow us to safely resume operations and reopen school buildings across Jackson and Hillsdale counties on Thursday, November 17, 2022.