TUSD's superintendent says there is no evidence any confidential information of employees or students was "taken, extracted, stolen" in a ransomware attack that blocked the district's internet and network services.
If that changes, Tucson Unified School District will promptly inform employees and parents, Superintendent Gabriel Trujillo said Thursday in his first media briefing since the attack occurred early Monday morning.
Trujillo said the district's current information comes from a "team of cyber forensic experts" that is helping the district investigate the attack.
Some of the student information in the district's system includes grades, discipline, attendance and health histories, while employee information includes banking, Social Security numbers, addresses and telephone numbers, he said.
He said the district provided its employees with resources and information to contact credit bureaus so they can take steps necessary to monitor their respective personal, credit and financial information.
It may be a few more days before the district achieves full restoration of major systems that were rendered inaccessible to TUSD employees by the cyberattack, Trujillo said. He did not give an estimated timeline for recovering those services.
TUSD, the largest school district in Pima County, has more than 7,000 employees and serves about 42,000 students.
Trujillo said employees became aware of the attack when they received a ransom note that came through thousands of printers across the district. He confirmed the note came from Royal, a type of ransomware that has been known to conduct cyberattacks worldwide.
The attackers hack into the victims' network, lock the data in an unusable format, and demand a ransom to restore access to the sensitive information, according to the Australian Cyber Security Centre.
A photo circulating on social media among TUSD students showed a message that came through the district's printers Monday, in which Royal threatened to leak the district's data online if a "modest royalty" is not paid.
Asked if TUSD plans to pay a ransom to regain full system use, Trujillo said: "Due to the ongoing investigation, I'm not going to offer any further commentary on prospective ransoms or a balance of money or the district's next actions."
He said the costs of remediation, recovery and assistance of all experts involved in the investigation are being covered by the district's insurance policy with the Arizona School Risk and Retention Trust.
Security issues
Trujillo declined to say how the attackers managed to hack into the district's systems, noting that he did not want to tip hackers off to any loopholes.
As first reported by The Arizona Republic, the state auditor general conducted an audit of the school district in 2018. The report concluded the district needed to address security of its computer systems, saying TUSD was exposed to "an increased risk of unauthorized access to sensitive information and data loss."
Auditors also recommended the district create a stronger IT contingency plan in case of a system failure.
Blaine Young, the district's chief technological officer, said TUSD has improved its computer systems security since then, through measures such as strengthening passwords and disabling employees' credentials as soon as they depart from the district to ensure they no longer have access to the network.
He added that the district also had what he believes is a "strong, rigorous plan" for recovery in case of failure, which was tested previously and is being used to address the current breach.
Asked if campus security features, such as keyless entryways, had been compromised due to the lack of internet and network access, Young said security systems "are all functioning as they should."
Education continues
Trujillo said TUSD is also working to ensure teachers and students have the education resources and tools they need.
"We are proud to have kept our schools open and running in the face of this unconscionable act against our community," he said.
Xristian Berry, a 15-year-old sophomore at Pueblo High School, said classes this week were a bit "funky" because no one expected a districtwide WiFi outage, but his teachers have made things flow smoothly for the students.
"It's really about how efficiently our teachers have been switching because they have been doing really good, so we've still been on track for the most part," he said.
"My second period teacher, for example, put all her lessons on a flash drive and then brought it to the school like that," he said of his advanced placement world history class.
As for the students, Berry said, they all pushed their laptops to the side and were working with the old-fashioned paper and pencil. He said the outage also affected their ability to log into their StudentVUE accounts, where they can access things like grades and assignments.
"That's really nerve-wracking, at least for me. I'm very high-priority when it comes to grades and (StudentVUE) keeps track of what you're missing and what you've turned in, and I'm very forgetful," he said.
Julian Herrera, a TUSD parent whose two daughters also attend Pueblo High School, said he lost access to ParentVUE, where he can look at their attendance and grades, and sign volunteer or parental forms when necessary for school activities.
Fortunately, he said, his daughters' teachers were also able to adapt quickly to the lack of technological resources. His daughters hadn't noticed much of a difference other than taking notes by hand, he said.
"There's a lot of challenges for different reasons and this is just one more of those," Herrera said. "Good teachers are prepared for that, and what my kids have experienced kind of solidifies that notion."
He added that he wasn't too concerned about his daughters' personal information being potentially compromised during this cyber attack, as he feels confident he took the proper steps to protect their information beforehand.
"I monitor our credit reports all the time. I bought credit recovery insurance because it's one of those things that no matter what security measures are in place by any organization, everything is vulnerable," Herrera said.
And while everything has been continuing smoothly for his daughters so far, he said he's curious to see how things will unfold if the internet and network services outage continues several more weeks.
"I think the teachers are able to adjust enough but if it becomes more long term, it's going to be more difficult to manage," Herrera said.