Tucson schools: No sign yet hackers got confidential data
An ongoing investigation into a cyberattack that brought down Tucson Unified School District’s computer systems this week has found no evidence that confidential data has been extracted or stolen as of Thursday evening, according to the district.
If it is found that data has been leaked, the district will notify employees, students and the public, district Superintendent Gabriel Trujillo said in a news release on Thursday evening.
Information stored on the district’s servers includes confidential student information such as grades, attendance and health histories, and employee information such as banking data, Social Security numbers, addresses and telephone numbers.
As soon as the security breach was discovered Monday morning, Trujillo said, the administration immediately contacted third-party cybersecurity experts to repair the systems.
Trujillo also said he expects the systems to be repaired within the next few days, with normalcy returning to classrooms by next week.
Although schools were kept open this week following the security breach, many of the district’s operating systems crashed, including the district’s workflow software used by human resources and the student information system.
In addition, many teachers had to change how instruction was delivered to their students.
“We’ve seen a lot of flexibility from our teachers shifting to more of an oldschool teaching style for the last couple of days,” Trujillo said. “Paper and pencil versus iPad. We’ve seen our offices be creative with regard to attendance-taking procedures.”
District officials reiterated they were as prepared as any organization could be in such a situation.
“We’ve done the right things to protect our environment. It’s just the organizations out there that are bad actors … have resources that are capable of getting ... in almost any network,” said Blaine Young, the district’s chief technology officer.
He said the only way to avoid such a breach is by moving the district’s entire computer system to a cloud-based one.
“As long as you have systems of operation that are tied to old-school, webbased servers, an organization is always going to be susceptible to these types of attacks,” Young said.
Currently, the district is a “hybrid environment” with some systems in the cloud and some still in-house, he said.
The district has a plan to transition its systems to a cloud-based system, but that takes time and funding, Young said.
Because transitioning to a fully cloud-based system is labor intensive and costly, that process is typically done gradually, as allowed by the available budget and resources, Young said.
Trujillo said that moving Tucson Unified’s systems to the cloud would be costly: “That’s millions of dollars.”
Trujillo criticized the Arizona Legislature for not adequately funding school districts.
“The capital funding that we do receive is targeted at heating and cooling systems, air condition, heating, plumbing, electrical, books, buses and buildings,” Trujillo said. “This is just another reason why capital funding is sorely needed across the state.”
Young said the district has a “strong, rigorous” technology disaster plan that was used following this cyberattack. In addition, the district conducts periodic tests of its systems, making improvements if needed, he said.
The district discovered the cyberattack after an “item” was printed off the district’s printers, Young said. He did not say what the item was.
Although officials did not comment on who was behind the ransomware attack, Trujillo acknowledged that a ransom note appeared on thousands of printers across the district that claimed the organization Royal was the culprit.
According to a copy of the note obtained by The Arizona Republic, Royal demanded a fee to decrypt and restore the data. During Thursday’s news conference, Trujillo did not address potential ransoms or the district’s next steps.
“We are extremely proud to have been able to keep our schools open and our classrooms full in the face of such a horrendous attack and in the face of this unconscionable act against our community, children and young people,” Trujillo said.