Riverview School District latest to be hit with online security incident

Riverview School District may be the latest government or school website to be hacked.

The district reported a security incident Monday that impacted teachers’ access to the internet and their district-issued devices, but the nature of the problem was unclear.

“Right now, we can’t confirm a security breach,” Superintendent Neil English said.

In an announcement over the loudspeaker at the high school, students and teachers were told to turn off their computers and stop using the school’s WiFi.

Parents were asked to communicate with the schools by phone only.

English said the district is investigating the matter, but details about the incident are murky.

“We really don’t know any details beyond what we posted to parents in the district at this point,” English said. “We will communicate more details as we receive them.”

Administrators posted a notice about the security alert on Facebook at 2:20 p.m. The same post was shared in an email to parents.

English said the district’s technology department is working to resolve the issue as quickly as possible and planned to provide an update on the situation soon.

“We are acting out of an abundance of caution until we know more,” English said.

Tech crews remained on campus after students were dismissed to investigate the incident.

It is at least the fourth online security issue reported by school or government entities in the past year.

In May 2023, Allegheny County issued an alert that it had been targeted by a global cyber security breach affecting the common file transfer tool MOVEit, which the county uses.

Those responsible for the breach are known as CL0P, a Russian-speaking hacking organization. Impacted data included Social Security numbers, license numbers, taxpayer ID numbers and student IDs.

Allegheny County offered 24 months of free identity protection services to those affected.

At Carnegie Mellon University, one of the country’s top computer technology schools, the personal files of 7,300 people may have been compromised in an August cyberattack, the university announced earlier this year.

Carnegie Mellon sent out notices in January to those impacted. The school did not address the type of information that was accessed but said there was no evidence of misuse. Still, it offered credit monitoring and other services through Experian for anyone effected.

In October, a breach of the Butler County computer network allowed hackers to access much of the public’s personal information, including Social Security numbers, driver’s license numbers, state ID numbers, taxpayer ID numbers, passports and financial accounts.

It is not clear how many people were affected.

County officials worked with a nationally recognized digital forensic team to secure the network and investigate. They recommended people impacted by the breach enroll in free credit monitoring through Experian.

Similar cyberattacks have been reported across the country. Last year, when the Minneapolis Public School District refused to pay a $1 million ransom, case folios documenting sex assaults were among more than 300,000 files dumped online by hackers.

No federal law exists to require notification to victims from schools.

To date, 2021 saw the most number of reported data breaches at educational institutions, according to a report from Comparitech.

That same report revealed more than 32 million records have been leaked in more than 2,600 data breaches since 2005, including a 2019 Georgia Tech database hack and a 2017 hard drive backup theft at Washington State University, both of which impacted more than 1 million records.

The Los Angeles Unified School District last year had paperwork for more than 1,900 former students, including psychological evaluations and medical records, leaked online.

School districts in San Diego, Des Moines and Tucson also have fallen victim to data theft.

According to NPR, an analysis by the cybersecurity firm Emsisoft found 45 school districts reported they were attacked in 2022.

That number more than doubled to 108 in 2023.

Ransomware attacks bring with them a hefty pricetag for educational institutions, with $3.6 billion spent in 2021 by U.S. colleges and schools affected by cyberattacks, according to Comparitech.

Staff writer Joyce Hanz and the Associated Press contributed to this report.