The Clark County School District in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack. CCSD is the fifth largest school district in the US, with over 300,000 students and 15,000 teachers. On October 16, CCSD confirmed it suffered a cyberattack earlier this month, stating threat actors gained access to the district's email servers. "On approximately October 5, 2023, Clark County School District became aware of a cybersecurity incident impacting its email environment," reads a statement from the Clark County School District. "Upon discovering the incident, CCSD immediately engaged a team of forensic experts to investigate the incident and ensure that CCSD operates within a safe and remediated email environment. CCSD is also cooperating with law enforcement's investigation." In response to the attack, CCSD disabled access to its Google Workspace from external accounts and has forced reset all student's passwords. Things have taken a turn for the worse, with parents reporting they are receiving emails from the threat actors warning that their child's data was leaked. "I'm so sorry to tell you this but unfortunately your private information has been leaked. You should probably change your information in CCSD systems if that is possible," reads an email titled "CCSD Leak" seen by the Las Vegas Review Journal. According to a report from KSNV News 3 Las Vegas, these emails include PDF files that contain students' stolen data, including student photos, addresses, student ID numbers, and email addresses,. Both students and parents are upset and scared that the threat actor has their data and could potentially use it for other malicious purposes, such as identity theft or further phishing attacks. BleepingComputer contacted CCSD on Friday but did not receive a response as they were closed for the Nevada Day holiday. According to a detailed report by DataBreaches.net, the hackers behind the Clark County School District breach call themselves 'SingularityMD' and have already begun to leak what they claim is the data for 200,000 CCSD students. The threat actors contacted DataBreaches.net to share information about the attack, including a link to a "Statement" that contains URLs for allegedly stolen data. "We SingularityMD, would like to make a statement for clarification. CCSD did not detect a security issue, we emailed them to tell them we had been in their network for a few months," reads a note by the hackers on a code-sharing site. "We asked for less than one third of the Jesus F Jara's annual salary in exchange for destroying the stolen data. The callousness and incompetence of the leadership at CCSD is astounding, not only did they not cooperate, it is clear they did not communicate with principals and have still not plugged their leaky ship, meaning we still have access to the network." This note contains links to leaked data archives hosted on dark web and clearweb sites, containing what the hackers claim is the personal data of 200,000 students. DataBreaches.net examined some of the leaked data and said it looks legitimate, but CCSD has not responded to their emails to verify if the data belongs to them. Parents who received some of the leaked data have already verified that the information belongs to their children, adding legitimacy to the leaks. At this time, the threat actors claim to still have access to CCSD's systems and have more data that they will leak if the school district does not pay an extortion demand. Seiko says ransomware attack exposed sensitive customer data.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000