It appears possible that a recent cyber attack on the Davenport School District resulted in the theft of a large collection of student and other district data.
A data-extortion group is claiming to have stolen information from the Davenport district and is threatening to publicly release it, writing in a recent online post, “In this release we will show you 845 GB of their data, which include a giant, massive array of student’s (sic) personal information …”
The post by “Karakurt” indicates a deadline of Oct. 31 for the district to meet its demands, though the post does not reveal the terms of a possible ransom demand.
The district’s email system this week has been experiencing disruptions, suggesting internal communications about the possible threat could not reach staff.
District officials previously acknowledged a hacker had gained access to the district’s system in early September. By the end of the month, however, they said they had “thwarted” the cyber attack, no ransom demand had been made and no evidence existed that data was compromised.
In a statement Wednesday, district officials said they later learned the hacker may have been successful.
“Davenport Community Schools learned that the incident potentially impacted personal information belonging to certain current/former employees,” according to the statement. “Since then, Davenport Community Schools has been working diligently to identify contact information necessary to provide notification of the incident to potentially impacted individuals and to provide resources, including credit and dark-web monitoring services to assist them.
“Davenport takes this incident very seriously and is continuing to work with cybersecurity experts to take steps to help prevent a similar incident from occurring in the future.”
The district’s statement did not include information on student data, which the online post specifically claims was stolen.
Brett Callow, a threat analyst for global cybersecurity software firm Emsisoft, said groups like Karakurt target their victims differently, including partnering with or taking from other hackers.
“They’ll have had access to the network, possibly for some time, and then will have stolen data,” Callow said. “The data they may have stolen could include insurance policies, so they possibly know how much coverage the district has and how much it could potentially pay [for ransom].”
But it’s also possible, he said, that Karakurt is either bluffing entirely or made off with less information than the group claims.
Some school districts, including Davenport, have been reluctant to publicly disclose that they have been hacked. In some cases, their insurance carriers advise them to decline comment and/or an investigation is ongoing.
Callow said his industry is increasingly advising victims of cyber attacks to be forthright.
“Unless something like (insurance or law enforcement advice) is preventing districts from being transparent, they should be transparent,” he said. “If you know about this information, you can better prevent yourself from being the victim of a crime.”