TUSDโs superintendent says there is no evidence any confidential information of employees or students was โtaken, extracted, stolenโ in a ransomware attack that blocked the districtโs internet and network services.
If that changes, Tucson Unified School District will promptly inform employees and parents, Superintendent Gabriel Trujillo said Thursday in his first media briefing since the attack occurred early Monday morning.
Trujillo said the districtโs current information comes from a โteam of cyber forensic expertsโ that is helping the district investigate the attack.
Some of the student information in the districtโs system includes grades, discipline, attendance and health histories, while employee information includes banking, Social Security numbers, addresses and telephone numbers, he said.
He said the district provided its employees with resources and information to contact credit bureaus so they can take steps necessary to monitor their respective personal, credit and financial information.
It may be a few more days before the district achieves full restoration of major systems that were rendered inaccessible to TUSD employees by the cyberattack, Trujillo said. He did not give an estimated timeline for recovering those services.
TUSD, the largest school district in Pima County, has more than 7,000 employees and serves about 42,000 students.
Trujillo said employees became aware of the attack when they received a ransom note that came through thousands of printers across the district. He confirmed the note came from Royal, a type of ransomware that has been known to conduct cyberattacks worldwide.
The attackers hack into the victimsโ network, lock the data in an unusable format, and demand a ransom to restore access to the sensitive information, according to the Australian Cyber Security Centre.
A photo circulating on social media among TUSD students showed a message that came through the districtโs printers Monday, in which Royal threatened to leak the districtโs data online if a โmodest royaltyโ is not paid.
Asked if TUSD plans to pay a ransom to regain full system use, Trujillo said: โDue to the ongoing investigation, Iโm not going to offer any further commentary on prospective ransoms or a balance of money or the districtโs next actions.โ
He said the costs of remediation, recovery and assistance of all experts involved in the investigation are being covered by the districtโs insurance policy with the Arizona School Risk and Retention Trust.
Security issues
Trujillo declined to say how the attackers managed to hack into the districtโs systems, noting that he did not want to tip hackers off to any loopholes.
As first reported by The Arizona Republic, the state auditor general conducted an audit of the school district in 2018. The report concluded the district needed to address security of its computer systems, saying TUSD was exposed to โan increased risk of unauthorized access to sensitive information and data loss.โ
Auditors also recommended the district create a stronger IT contingency plan in case of a system failure.
Blaine Young, the districtโs chief technological officer, said TUSD has improved its computer systems security since then, through measures such as strengthening passwords and disabling employeesโ credentials as soon as they depart from the district to ensure they no longer have access to the network.
He added that the district also had what he believes is a โstrong, rigorous planโ for recovery in case of failure, which was tested previously and is being used to address the current breach.
Asked if campus security features, such as keyless entryways, had been compromised due to the lack of internet and network access, Young said security systems โare all functioning as they should.โ
Education continues
Trujillo said TUSD is also working to ensure teachers and students have the education resources and tools they need.
โWe are proud to have kept our schools open and running in the face of this unconscionable act against our community,โ he said.
Xristian Berry, a 15-year-old sophomore at Pueblo High School, said classes this week were a bit โfunkyโ because no one expected a districtwide WiFi outage, but his teachers have made things flow smoothly for the students.
โItโs really about how efficiently our teachers have been switching because they have been doing really good, so weโve still been on track for the most part,โ he said.
โMy second period teacher, for example, put all her lessons on a flash drive and then brought it to the school like that,โ he said of his advanced placement world history class.
As for the students, Berry said, they all pushed their laptops to the side and were working with the old-fashioned paper and pencil. He said the outage also affected their ability to log into their StudentVUE accounts, where they can access things like grades and assignments.
โThatโs really nerve-wracking, at least for me. Iโm very high-priority when it comes to grades and (StudentVUE) keeps track of what youโre missing and what youโve turned in, and Iโm very forgetful,โ he said.
Julian Herrera, a TUSD parent whose two daughters also attend Pueblo High School, said he lost access to ParentVUE, where he can look at their attendance and grades, and sign volunteer or parental forms when necessary for school activities.
Fortunately, he said, his daughtersโ teachers were also able to adapt quickly to the lack of technological resources. His daughters hadnโt noticed much of a difference other than taking notes by hand, he said.
โThereโs a lot of challenges for different reasons and this is just one more of those,โ Herrera said. โGood teachers are prepared for that, and what my kids have experienced kind of solidifies that notion.โ
He added that he wasnโt too concerned about his daughtersโ personal information being potentially compromised during this cyber attack, as he feels confident he took the proper steps to protect their information beforehand.
โI monitor our credit reports all the time. I bought credit recovery insurance because itโs one of those things that no matter what security measures are in place by any organization, everything is vulnerable,โ Herrera said.
And while everything has been continuing smoothly for his daughters so far, he said heโs curious to see how things will unfold if the internet and network services outage continues several more weeks.
โI think the teachers are able to adjust enough but if it becomes more long term, itโs going to be more difficult to manage,โ Herrera said.