Tucson Unified School District will send letters Friday to 29,000 people whose “personal and confidential information unfortunately may have been accessed” due to the Jan. 30 cyberattack, Superintendent Gabriel Trujillo said.
Those who will receive the individualized letters include current and former TUSD employees, students, parents and their dependents, he told the district’s Governing Board Tuesday night.
“At present, we don’t have any evidence ... that information was misused in any way,” Trujillo emphasized.
He said that is the finding of a months-long forensic investigation by cyber experts — now being closed out by TUSD — after an exhaustive case-by-case review of “around a million documents” and files.
Trujillo did not say how the district is defining “misuse” in stating that none has been found, and there was no mention at the board meeting of findings reported in April by Bloomberg News that the cybercriminals put stolen confidential data about TUSD employees and students on the dark web for public access.
TUSD Superintendent Gabriel Trujillo
The letters will explain next steps that potential victims may take to protect against misuse of their data by the hackers, and will inform them of yearlong credit monitoring and identity-theft prevention services TUSD is providing at no charge to the 29,000 people, Trujillo said.
Officials of TUSD, Pima County’s largest district with more than 40,000 students at 87 schools, also told the board Tuesday night that they’ve made major progress since the attack in working to reduce the possibility such a breach can occur again.
Among many other steps taken so far, they said, have been moving 75% or more of sensitive district data to “the cloud” for security; conducting 24-hour monitoring of TUSD systems; testing system security periodically by having a third party hack in; changing passwords and strengthening password rules; blocking public wi-fi access at district sites and instead using “hot spots”; and collaborating with Arizona homeland security officials.
Trujillo previously confirmed that a ransomware group called Royal, active internationally, was responsible for what he called the “cyber terrorism” event.
“Bloomberg News found that cybercriminals made off with gigabytes of files, containing tens of thousands of current and former employees’ Social Security numbers and other confidential records,” reporter Jack Gillum, then with Bloomberg, reported in April. “They then uploaded the information in February to the dark web for anyone to access with an easily downloadable browser,” he wrote.
“Examples of the leaked files include a high schooler’s medical records; another detailed arguments for expelling several students,” Bloomberg’s article said.
Bloomberg found more than 16,000 numbers and birth dates tied to current and former employees on the dark web.
“Another leaked document included ‘confidential records’ concerning a high school student’s diabetes diagnosis and instructions for their insulin injections,” the Bloomberg report said.
Get your morning recap of today's local news and read the full stories here: http://tucne.ws/morning
