The Clark County School District (CCSD), the fifth-largest school district in the United States, is confronting a significant data breach that threatens the privacy and security of over 300,000 students and 15,000 teachers. In a recent cyberattack, malicious actors gained unauthorized access to CCSD’s email servers, exposing sensitive information and raising concerns about potential identity theft and further phishing attacks.
CCSD acknowledged the cyber incident on October 16, revealing that the breach occurred earlier in the month. The district immediately initiated an investigation, enlisting the expertise of forensic professionals to ensure a secure and remediated email environment. Law enforcement agencies have also been engaged in the ongoing inquiry.
The scope of the breach, as indicated by the CCSD, involved unauthorized access to limited personal information concerning a subset of students, parents, and employees. The district is actively working to identify all individuals impacted by the breach.
In response to the security breach, CCSD promptly disabled external access to its Google Workspace and implemented a mandatory password reset for all students.
However, the situation took a disconcerting turn when parents started receiving emails from the threat actors, warning them that their child’s data had been compromised. The emails, with the subject “CCSD Leak,” conveyed a message to concerned parents, urging them to update their information in CCSD systems.
According to reports from KSNV News 3 Las Vegas, these messages contained PDF files that included stolen student data, comprising photos, addresses, student ID numbers, and email addresses.
The students and their parents have expressed deep concerns and fear regarding the unauthorized possession of their data. Worries extend to the potential misuse of the data, including identity theft and future phishing attempts.
The situation has escalated as a hacking group identifying itself as ‘SingularityMD’ claimed responsibility for the breach. SingularityMD alleges that the breach impacted over 200,000 CCSD students and criticized the district for security vulnerabilities, citing the use of birthdates as passwords and inadequate communication with principals.
The hackers released a statement containing links to alleged stolen data hosted on dark web and clear web platforms. This data reportedly includes students’ emails, birthdates, ethnicity, PSAT scores, health information, suspensions, incident reports, and other personal information, as well as financial reports, staff salaries, and grant information from the district.
DataBreaches.net, which examined some of the leaked data, reported that it appeared legitimate. However, CCSD has not responded to verify the data’s authenticity, while parents have confirmed that the leaked information matches their children’s records.
The threat actors maintain that they still have access to CCSD’s systems and have additional data, which they threaten to release if the school district does not meet their extortion demands.