VUSD admin says ‘ransomware attack failed’

Interim Superintendent Doug Cardoza confirms no student or employee information was accessed during data breach between Jan. 1 and June 3, 2021

VISALIA – The ransomware hack of Visalia Unified’s email accounts in spring 2021 did not include any student emails and no student information was accessed, the district said in letter last week.

On Dec. 30, Visalia Unified School District announced certain district-issued email accounts were illegally accessed during a data breach between Jan. 1 and June 3, 2021. VUSD said in a statement it identified the problem on June 6, 2021 and then conducted “a comprehensive review of the accounts, which was complete on or around December 3, 2021” to determine which email accounts were illegally accessed and what information was contained in those accounts. The result of the six-month investigation determined most of the information obtained was the name and medical information of the email account holder. In the case of 10 email accounts, information obtained also included the driver’s license number, financial account number, and health insurance information.

The Sun-Gazette asked the district how many accounts were hacked, if the district has paid any money to restore the data or if the district has made any settlement payments to victims whose personal data was obtained. Interim Superintendent Doug Cardoza responded to some of those questions in a Jan. 14, 2022 letter emailed to the Sun-Gazette saying the data breach did not impact the district’s student information system or employee databases and “the extent of the event and the information potentially affected was relatively limited.”

Ransomware is a type of malware, short for malicious software, used for digital blackmail where a person or group hacks into a server and locks out the user threatening to publish the data unless they pay a ransom. Ransomware typically gains access to a server when one of the users clicks a link or downloads a file which in turn downloads a virus locking the user out of their own data.

The district became aware of the ransomware attack on May 18, 2021 when it impacted the operation of the district’s information technology (IT) systems. Many of the systems were offline for the entire day as the district scrambled to bring them back online as quickly as possible and were able to resume online classes later that day.

Cardoza said VUSD immediately notified local and federal law enforcement authorities of the incident. He said the swift action taken by district staff, including shutting down systems district-wide, allowed VUSD to identify and stop the ransomware attack before it took full effect.

“In short, the ransomware attack failed,” Cardoza said.

On May 20, 2021, the school board unanimously approved a contract with Mullen Coughlin LLC, a cybersecurity and data privacy law firm retained and covered through the district’s cyber-security insurance policy, following a closed session discussion. With the assistance of counsel, the district conducted a meticulous investigation to ensure its systems could be brought back online without issue and to determine what led to the ransomware attack.

During the investigation, which concluded on Dec. 3, 2021, Cardoza said the district meticulously and comprehensively reviewed all of the impacted accounts. “VUSD has notified individuals whose personal information was identified during the review, and provided instruction on how to follow up with additional questions through a dedicated assistance line and email address,” the letter stated.

VUSD says it has implemented additional technical security measures, is reviewing and enhancing existing policies and procedures and providing employees with additional training on data security to avoid a similar event in the future.

Start typing and press Enter to search