TUSD’s superintendent says there is no evidence any confidential information of employees or students was “taken, extracted, stolen” in a ransomware attack that blocked the district’s internet and network services.
If that changes, Tucson Unified School District will promptly inform employees and parents, Superintendent Gabriel Trujillo said Thursday in his first media briefing since the attack occurred early Monday morning.
Trujillo said the district’s current information comes from a “team of cyber forensic experts” that is helping the district investigate the attack.
Some of the student information in the district’s system includes grades, discipline, attendance and health histories, while employee information includes banking, Social Security numbers, addresses and telephone numbers, he said.
He said the district provided its employees with resources and information to contact credit bureaus so they can take steps necessary to monitor their respective personal, credit and financial information.
It may be a few more days before the district achieves full restoration of major systems that were rendered inaccessible to TUSD employees by the cyberattack, Trujillo said. He did not give an estimated timeline for recovering those services.
TUSD, the largest school district in Pima County, has more than 7,000 employees and serves about 42,000 students.
Trujillo said employees became aware of the attack when they received a ransom note that came through thousands of printers across the district. He confirmed the note came from Royal, a type of ransomware that is known to have been used in cyberattacks worldwide.
The attackers hack into the victims’ network, lock the data in an unusable format, and demand a ransom to restore access to the sensitive information, according to the Australian Cyber Security Centre.
A photo circulating on social media among TUSD students showed a message that came through the district’s printers Monday, in which Royal threatened to leak the district’s data online if a “modest royalty” is not paid.
Asked if TUSD plans to pay a ransom to regain full system use, Trujillo said: “Due to the ongoing investigation, I’m not going to offer any further commentary on prospective ransoms or a balance of money or the district’s next actions.”
He said the costs of remediation, recovery and assistance of all experts involved in the investigation are being covered by the district’s insurance policy with the Arizona School Risk and Retention Trust.
Security issues
Trujillo declined to say how the attackers managed to hack into the district’s systems, noting that he did not want to tip hackers off to any loopholes.
As first reported by The Arizona Republic, the state auditor general conducted an audit of the school district in 2018. The report concluded the district needed to address security of its computer systems, saying TUSD was exposed to “an increased risk of unauthorized access to sensitive information and data loss.”
Auditors also recommended the district create a stronger IT contingency plan in case of a system failure.
Blaine Young, the district’s chief technological officer, said TUSD has improved its computer systems security since then, through measures such as strengthening passwords and disabling employees’ credentials as soon as they depart from the district to ensure they no longer have access to the network.
He added that the district also had what he believes is a “strong, rigorous plan” for recovery in case of failure, which was tested previously and is being used to address the current breach.
Asked if campus security features, such as keyless entryways, had been compromised due to the lack of internet and network access, Young said security systems “are all functioning as they should.”
Education continues
Trujillo said TUSD is also working to ensure teachers and students have the education resources and tools they need.
“We are proud to have kept our schools open and running in the face of this unconscionable act against our community,” he said.
Xristian Berry, a 15-year-old sophomore at Pueblo High School, said classes this week were a bit “funky” because no one expected a districtwide WiFi outage, but his teachers have made things flow smoothly for the students.
“It’s really about how efficiently our teachers have been switching because they have been doing really good, so we’ve still been on track for the most part,” he said.
“My second period teacher, for example, put all her lessons on a flash drive and then brought it to the school like that,” he said of his advanced placement world history class.
As for the students, Berry said, they all pushed their laptops to the side and were working with the old-fashioned paper and pencil. He said the outage also affected their ability to log into their StudentVUE accounts, where they can access things like grades and assignments.
“That’s really nerve-wracking, at least for me. I’m very high-priority when it comes to grades and (StudentVUE) keeps track of what you’re missing and what you’ve turned in, and I’m very forgetful,” he said.
Julian Herrera, a TUSD parent whose two daughters also attend Pueblo High School, said he lost access to ParentVUE, where he can look at their attendance and grades, and sign volunteer or parental forms when necessary for school activities.
Fortunately, he said, his daughters’ teachers were also able to adapt quickly to the lack of technological resources. His daughters hadn’t noticed much of a difference other than taking notes by hand, he said.
“There’s a lot of challenges for different reasons and this is just one more of those,” Herrera said. “Good teachers are prepared for that, and what my kids have experienced kind of solidifies that notion.”
He added that he wasn’t too concerned about his daughters’ personal information being potentially compromised during this cyberattack, as he feels confident he took the proper steps to protect their information beforehand.
“I monitor our credit reports all the time. I bought credit recovery insurance because it’s one of those things that no matter what security measures are in place by any organization, everything is vulnerable,” Herrera said.
And while everything has been continuing smoothly for his daughters so far, he said he’s curious to see how things will unfold if the internet and network services outage continues several more weeks.
“I think the teachers are able to adjust enough but if it becomes more long term, it’s going to be more difficult to manage,” Herrera said.