Hackers breached the Broward County (Fla.) Public Schools’ computer system earlier this month and demanded $40 million in ransom or they would release sensitive information, including students’ and teachers’ personal data.
The Miami Herald reports that the district had disclosed last month that a March 7 internet outage disrupted online learning, but it appears the incident was far more serious and is still ongoing.
The records stolen by the hackers include pupils’ and employees’ Social Security numbers, addresses and dates of birth, as well as information on district financial contracts.
The hackers demanded $40 million or else they would release the information online.
“The good news is that we are businessmen," the hackers wrote. "We want to receive ransom for everything that needs to be kept secret, and don’t want to ruin your reputation. The amount at which we are ready to meet you and keep everything as collateral is $40,000,000.”
The district says it has hired a cybersecurity firm to investigate the attack. It also said it’s working on getting back all of its files and that it has “no intention of paying a ransom.”
The statement also cast doubt on the hackers’ claim that it had student and employee personal data.
“At this point in the investigation, we are not aware of any student or employee personal data that has been compromised as a result of the incident. If the investigation uncovers any compromised personal data, the district will provide appropriate notification to those affected.”
According to the U.S. Cybersecurity and Infrastructure Security Agency, ransomware attacks are a growing problem for private companies, critical infrastructure utilities and government agencies, including school districts.