The Rockwood School District has been working with forensic specialists and the FBI to investigate an attack on our internal systems that was first discovered on June 17, 2021. Through the investigation, the forensic specialists determined that certain District systems were subject to unauthorized access. As a result, some student and employee information may have been affected. At this time, we have no evidence of any misuse of student or staff information. Out of an abundance of caution, anyone whose information was present at the time of the incident will be receiving a notification via USPS mail with details as to what information related to them may have been impacted. The notification will also include information on how to access free credit monitoring and identity theft protection.
Early in the morning on June 17, 2021, a member of our technology team discovered that systems and files had been infected with malware and were no longer accessible. Our team moved quickly to take all District systems offline and notify authorities as well as cyber specialists to begin an investigation to fully understand the nature and scope of the attack.
The investigation determined that there was a criminal ransomware attack on our systems and that some student and staff information was present on the impacted systems during the incident.
While the investigation is ongoing, evidence shows that an unauthorized party gained access to certain files that contain information belonging to members of the Rockwood community, including employees and their dependents, retirees and students. The District has identified individuals whose information was present on the impacted systems during the incident and is in the process of sending the appropriate individual notifications via the United States Postal Service.
At this time, we have no evidence of any misuse of student information. However, the potentially exposed information for students may include names, addresses, student IDs, MOSIS (state) IDs and grades. The Rockwood School District does not collect student social security numbers and uses internal student identification numbers instead. However, for a very small portion of our student population, the district does have a record of student SSNs, and those may have been present on the impacted system. If your student’s SSN was present on the impacted system, you will receive a specific notification from the District informing you of that fact.
Talk with your child about remaining vigilant online. Do not open suspicious emails or click on suspicious links. Students should also rotate passwords and use multifactor authentication for online accounts wherever possible. You can also contact the credit reporting agencies to place a “fraud alert” or “security freeze” on your child’s credit reports to proactively protect against fraud or identity theft. This can be done for minors with each of the credit bureaus and if your child is 16 or older, they can request a credit freeze themselves.
We are sending a letter and notifying all those individuals who are potentially affected by this incident and providing them with details about how they can access free credit monitoring and identity theft protection. We also continue to restore our systems to full, secure functionality, and we are implementing additional safeguards to further secure our network.
As soon as we learned of the incident, we engaged third-party computer specialists to conduct an investigation into the nature and scope of the incident. The investigation has involved meticulously examining individual files on certain impacted servers while working to restore District systems to secure, full functionality. Once the District learned that certain systems were accessed, we began the process of reviewing our internal systems in order to identify the presence of protected information and to whom the information belonged.
No, the District did not pay the ransom.
Safeguarding the confidentiality, privacy and security of your information is one of our highest priorities. We share your concern, and we regret the inconvenience and anxiety this situation has caused for everyone involved. Please know, we remain committed to protecting the information in our care and will continue to take steps to continuously improve and fortify the security of our systems. Our technology team has been working tirelessly to address this situation, and we appreciate your support and understanding as we work to securely restore our systems and prepare for the new school year.