TUSD Superintendent Gabriel Trujillo

TUSDโ€™s superintendent says there is no evidence any confidential information of employees or students was โ€œtaken, extracted, stolenโ€ in a ransomware attack that blocked the districtโ€™s internet and network services.

If that changes, Tucson Unified School District will promptly inform employees and parents, Superintendent Gabriel Trujillo said Thursday in his first media briefing since the attack occurred early Monday morning.

Trujillo said the districtโ€™s current information comes from a โ€œteam of cyber forensic expertsโ€ that is helping the district investigate the attack.

Some of the student information in the districtโ€™s system includes grades, discipline, attendance and health histories, while employee information includes banking, Social Security numbers, addresses and telephone numbers, he said.

He said the district provided its employees with resources and information to contact credit bureaus so they can take steps necessary to monitor their respective personal, credit and financial information.

It may be a few more days before the district achieves full restoration of major systems that were rendered inaccessible to TUSD employees by the cyberattack, Trujillo said. He did not give an estimated timeline for recovering those services.

TUSD, the largest school district in Pima County, has more than 7,000 employees and serves about 42,000 students.

Trujillo said employees became aware of the attack when they received a ransom note that came through thousands of printers across the district. He confirmed the note came from Royal, a type of ransomware that has been known to conduct cyberattacks worldwide.

The attackers hack into the victimsโ€™ network, lock the data in an unusable format, and demand a ransom to restore access to the sensitive information, according to the Australian Cyber Security Centre.

A photo circulating on social media among TUSD students showed a message that came through the districtโ€™s printers Monday, in which Royal threatened to leak the districtโ€™s data online if a โ€œmodest royaltyโ€ is not paid.

Asked if TUSD plans to pay a ransom to regain full system use, Trujillo said: โ€œDue to the ongoing investigation, Iโ€™m not going to offer any further commentary on prospective ransoms or a balance of money or the districtโ€™s next actions.โ€

He said the costs of remediation, recovery and assistance of all experts involved in the investigation are being covered by the districtโ€™s insurance policy with the Arizona School Risk and Retention Trust.

Security issues

Trujillo declined to say how the attackers managed to hack into the districtโ€™s systems, noting that he did not want to tip hackers off to any loopholes.

As first reported by The Arizona Republic, the state auditor general conducted an audit of the school district in 2018. The report concluded the district needed to address security of its computer systems, saying TUSD was exposed to โ€œan increased risk of unauthorized access to sensitive information and data loss.โ€

Auditors also recommended the district create a stronger IT contingency plan in case of a system failure.

Blaine Young, the districtโ€™s chief technological officer, said TUSD has improved its computer systems security since then, through measures such as strengthening passwords and disabling employeesโ€™ credentials as soon as they depart from the district to ensure they no longer have access to the network.

He added that the district also had what he believes is a โ€œstrong, rigorous planโ€ for recovery in case of failure, which was tested previously and is being used to address the current breach.

Asked if campus security features, such as keyless entryways, had been compromised due to the lack of internet and network access, Young said security systems โ€œare all functioning as they should.โ€

Education continues

Trujillo said TUSD is also working to ensure teachers and students have the education resources and tools they need.

โ€œWe are proud to have kept our schools open and running in the face of this unconscionable act against our community,โ€ he said.

Xristian Berry, a 15-year-old sophomore at Pueblo High School, said classes this week were a bit โ€œfunkyโ€ because no one expected a districtwide WiFi outage, but his teachers have made things flow smoothly for the students.

โ€œItโ€™s really about how efficiently our teachers have been switching because they have been doing really good, so weโ€™ve still been on track for the most part,โ€ he said.

โ€œMy second period teacher, for example, put all her lessons on a flash drive and then brought it to the school like that,โ€ he said of his advanced placement world history class.

As for the students, Berry said, they all pushed their laptops to the side and were working with the old-fashioned paper and pencil. He said the outage also affected their ability to log into their StudentVUE accounts, where they can access things like grades and assignments.

โ€œThatโ€™s really nerve-wracking, at least for me. Iโ€™m very high-priority when it comes to grades and (StudentVUE) keeps track of what youโ€™re missing and what youโ€™ve turned in, and Iโ€™m very forgetful,โ€ he said.

Julian Herrera, a TUSD parent whose two daughters also attend Pueblo High School, said he lost access to ParentVUE, where he can look at their attendance and grades, and sign volunteer or parental forms when necessary for school activities.

Fortunately, he said, his daughtersโ€™ teachers were also able to adapt quickly to the lack of technological resources. His daughters hadnโ€™t noticed much of a difference other than taking notes by hand, he said.

โ€œThereโ€™s a lot of challenges for different reasons and this is just one more of those,โ€ Herrera said. โ€œGood teachers are prepared for that, and what my kids have experienced kind of solidifies that notion.โ€

He added that he wasnโ€™t too concerned about his daughtersโ€™ personal information being potentially compromised during this cyber attack, as he feels confident he took the proper steps to protect their information beforehand.

โ€œI monitor our credit reports all the time. I bought credit recovery insurance because itโ€™s one of those things that no matter what security measures are in place by any organization, everything is vulnerable,โ€ Herrera said.

And while everything has been continuing smoothly for his daughters so far, he said heโ€™s curious to see how things will unfold if the internet and network services outage continues several more weeks.

โ€œI think the teachers are able to adjust enough but if it becomes more long term, itโ€™s going to be more difficult to manage,โ€ Herrera said.

Fox News recently offered readers a guide to internet security and different forms of cyberattacks. Malware is an often-used abbreviation for malicious software, or software developed with malicious intent.


Become a #ThisIsTucson member! Your contribution helps our team bring you stories that keep you connected to the community. Become a member today.

Have any questions or news tips about K-12 education in the Tucson area? Contact reporter Genesis Lara at glara@tucson.com