Tucson Unified School District administration said it is taking “essential steps to secure our network and ensure confidential information remains safe.”
The written statement, issued Tuesday night, was the district’s first substantial comment about a data security incident since reporting it Monday morning. The statement did not directly answer questions posed to TUSD on whether any personal information about the district’s more than 42,000 students and 7,000-plus employees was compromised.
TUSD officials have declined to answer any questions about the incident, including the kind of data stored in the district’s network services. Superintendent Gabriel Trujillo cited direction from lawyers as the reason for not commenting further as the investigation continues.
Here is the Tuesday night statement, unsigned by any administrator in particular, in its entirety:
“Protecting the security and privacy of personal information is of the utmost importance to Tucson Unified School District.
“Early Monday morning we experienced a data security incident, which impacted some of our systems. Upon learning of the issue, we immediately commenced an investigation and began working with national external cybersecurity experts who regularly analyze these types of incidents. The forensic investigation is in its early stages and is ongoing. We appreciate the patience of our community as we take essential steps to secure our network and ensure confidential information remains safe.
“TUSD schools are fully functioning and students have access to the tools they need to continue their learning and stay on track. We greatly appreciate our staff working with us to develop alternative learning plans and using hotspots, as needed until the systems are fully restored.
“Tucson Unified School District is taking this matter very seriously and continues to take significant measures to protect the information that we maintain. We apologize for the inconvenience; we will provide updates as the investigation and restoration process continues. We appreciate your patience and understanding as we work to get all systems back to normal.
“Thank you. TUSD Leadership”
Margaret Chaney, president of the Tucson Education Association, said earlier Tuesday she believes some of the employee information stored in the district’s network includes phone numbers, addresses, Social Security numbers, and certification and disciplinary records. She added that more sensitive material, like student medical records, is likely stored in different servers.
“I’m not so concerned about that because I know that the district is well aware of the issues that are ongoing with that ... and they’re doing whatever they can to keep that safe, I’m sure,” Chaney said.
Some TUSD students were circulating a photo on social media of a message that schools throughout the district allegedly received Monday through school printers. The message in the photo stated the district’s systems “were hit by Royal ransomware.”
Royal, according to the Australian Cyber Security Centre (ACSC), is a “ransomware variant that is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organizations worldwide.”
Once the attackers hack into the victim’s network, ACSC states, they encrypt the victim’s data, lock the network in an unusable format, and demand a ransom to return access to the sensitive files.
