FCPS said it was the victim of a ransomware attack that happened on Sept. 11, during the first week of the school district’s return to distance learning.
FAIRFAX COUNTY, Va. — The personal information of some Fairfax County Public Schools students and teachers may have been compromised after a ransomware attack that happened in September. FCPS Superintendent Scott Brabrand confirmed in an email to parents and staff that hackers had posted personal information of some students and staff on the dark web Friday evening.
“At this time, it appears as though certain personal information for some students and employees may have been impacted,” Brabrand said. “We are working around the clock to identify the information that was taken and will notify impacted individuals as appropriate.”
A spokesperson for FCPS would not confirm what specific data was leaked, and teachers told WUSA 9 Saturday that they do not even know who or what was impacted.
“It’s a lot of stress, because now I have to go and check all my accounts and make sure they haven’t been breached,” FCPS art teacher, Paul McClemens said. “I got to do a credit check.”
The original attack happened on Sept. 11, during the first week of the school district’s return to distance learning. FCPS was one of more than 1,000 educational systems affected by ransomware attacks, according to Brabrand.
“In the midst of all the challenges posed by virtual learning and the pandemic, cyber criminals have been targeting educational systems around the country in an attempt to disrupt their operations,” Brabrand said. “A sophisticated group of cyber criminals, known as the Maze group, is claiming responsibility for the attack.”
FCSP said it’s working in collaboration with the FBI and Virginia State Police to investigate the attack and determine their next steps.
“We have implemented several cybersecurity-related enhancements and are continuing to evaluate additional steps that may be taken to further harden our defenses,” Brabrand said.
Virtual learning will continue without disruption in the county, according to Brabrand, and the superintendent encouraged students and staff to continue to use their computers to access the FCPS network.
The Vice President of Security Strategy for Red River, Brian Stites, said cyber crimes, like this ransomware attack, are complicated and can take a while to resolve.
“The digital landscape is maybe less clear than a physical investigation and evidence can be migrated, transferred, changed in ways that can obfuscate the criminal actors and the intentions,” Stites said.
Some teachers feel like they’ve been left in the dark and said it makes a strenuous situation (distance learning) more stressful.
“Instead of us worrying about our workload and everything that goes on with virtual and all the extra hours put into that,” McClemens said. “And now we have to take those hours an that’s not getting done because now we have to check on ourselves and make sure we’re taken care of.”
FCPS said they will notify students and staff affected as soon as they determine who was impacted.
In the meantime, McClemens has been trying to protect himself. He’s been teaching his virtual class from school, so he doesn’t have to connect to his home network.
Stites urges everyone to treat cyber security like physical safety, saying they’re equally important.
“For the teachers, I would keep a close eye on their credit reports to make sure no one else is opening up accounts in their name and I would also monitor their financial reports,” he said.
The Fairfax Education Association put out this statement Saturday:
The Fairfax Education Association is demanding that FCPS provide identity theft protection for all employees, not just those it thinks were affected by the recent ransomware attacks. This breech of information must be taken seriously by all FCPS employees.
Our members are working tirelessly to provide a world-class education, and this atrocious act cannot stand in the way of that. We encourage employees to reach out to FEA if you require additional support.
A spokesperson for FCPS said they already had an identity theft protection system in the works for all employees, and will share more information soon.
Stites said there are steps individuals and organizations like schools can take to better safeguard themselves from future attacks.
- Use strong passwords. Don’t use the same passwords for your work account as you do for your personal account.
- Hospitals, financial institutions, and the government will not contact you and ask for your personal information via phone or text, so don’t do any type of official correspondence via phone ort text.
- Manage your social media settings. Don’t click on every link on Facebook.
- Include cyber security in family conversations, just like talking about physical security.
- If you have any questions about your cyber security profile, you should have a conversation with your internet security provider.
- Have a plan to implement basic cyber security
- Designate a coordinator for cyber security. A plan only works if you have someone driving the plan.
- Have relevant trainings and discussion sessions with faculty, staff, parents and students as part of your school safety plan.
- Design your cybersecurity with an expert.
- Have a cyber security incident response plan, and faculty, staff, parents and students need to understand what to do.
“It’s really about safety,” Stites said. “This is how to keep our facilities, our faculty, our children, our staff safe in this new digital environment.”
See the full letter sent to parents and staff, below:
Dear FCPS Community and Staff,
As you may have heard, FCPS was the victim of a cybersecurity incident involving a ransomware attack. Earlier this evening, the attackers posted the information that they stole on the dark web.
Ransomware is a form of malware that is designed to prevent users from accessing files, and in some cases, extract and hold data hostage until a ransom is paid. In this case, a sophisticated group of cyber criminals, known as the Maze group, is claiming responsibility for the attack.
In the midst of all the challenges posed by virtual learning and the pandemic, cyber criminals have been targeting educational systems around the country in an attempt to disrupt their operations. In fact, FCPS is just one of more than 1,000 educational systems to suffer a ransomware attack in the past year. In the past week alone, multiple school districts were reported to be victims of ransomware attacks.
Due to the swift action of our IT team, we were able to restore virtual learning operations in time for the first day of school, which have continued without disruption. The incident has also not affected our ability to meet payroll and administrative obligations. We have implemented several cybersecurity-related enhancements and are continuing to evaluate additional steps that may be taken to further harden our defenses.
At this time, it appears as though certain personal information for some students and employees may have been impacted. We deeply regret that this has occurred and are committed to supporting you. We are working around the clock to identify the information that was taken and will notify impacted individuals as appropriate.
We know that the pandemic and virtual learning have placed stress on families and staff. As we mentioned, our investigation to determine the scope and impact of this incident is ongoing, and we are working with leading outside security experts to conduct a thorough investigation. We are also working closely with the FBI and Virginia State Police and are supporting their criminal investigations to bring the attackers to justice.
Virtual learning is proceeding as planned. Students and staff should continue to use their computers to access the FCPS network. As we move forward, maintaining continuity of school for our students, faculty, and staff, along with safeguarding their data, are our top priorities.
Superintendent, Fairfax County Public Schools