Cybersecurity News


As Another ISD Suffers Ransomware Attack
Cybercriminals Scam ISD out of $2.14M

Recent school cybersecurity news:

Duped
SFDRCISD-map-words
Officials of the 10,500-student San Felipe-Del Rio CISD recently announced that they had fallen victim to a “business email compromise scheme” in which the district was tricked into electronically sending three school bond debt service payments to a fraudulent bank account.

The district, in a subsequent (Feb. 24) special board meeting, approved allocating $2.14 million from the district’s reserve fund to make up the lost payments.

The ISD’s chief financial officer (CFO) was suspended for undisclosed reasons. The district’s budget officer, who was named interim CFO, said she would deliver the $2.14 million check in person to the district’s bond escrow agent during a previously planned business meeting in Dallas the day after the special board meeting. The district has suspended making payments electronically, and law enforcement is investigating the fraud.

Financial publications report that Moody’s Investors Service views the situation as an administrative default, not a bond payment default, given the district’s ability and willingness to pay, and that the Permanent School Fund was not called upon to make the debt service payment because the default was not due to the district’s unwillingness or inability to pay.

Ransomware Attack
Fort Worth ISD officials said they will use spring break, with school reopening on Monday, March 16, to finish ridding their computers and other data systems of ransomware that made their computer network inoperable during an attack on Tuesday, March 3.

No ransom was paid.

The district said that “quick action” by the ISD’s technology team prevented student and employee data from being compromised. The computer systems were reportedly offline for several days as the ISD’s technical staff worked to free the systems from the malware. Law enforcement is investigating.

Convicted
Donald-Conkright.02
A federal jury convicted (March 4) Donald Conkright in his home state of Florida on two charges — conspiracy to commit money laundering and conspiracy to commit an offense against the United States — for tricking Crowley ISD (near Fort Worth) into sending him a total of $1,995,715 via three direct electronic transfers to his bank account last year. He is to be sentenced on May 11.

Records reflect Conkright initiated the scheme by sending CISD a fraudulent email that appeared to be from a construction contractor used by the district stating that the vendor’s banking info had changed.

CISD officials have said some of the money has been recovered but they have not said how much. Conkright reportedly made numerous withdrawals to buy expensive items, such as Rolex watches and a BMW automobile, according to a March 10 press release by federal prosecutors.


We’re No. 1
Two unrelated incidents in 2017 (in which Texas schools were not at fault) helped propel the state to the No. 1 spot nationally for school-related data breaches occurring from January 2016 through March 4, 2020.

The data is included in a continuously updated interactive national map of school cybersecurity incidents that was produced to accompany a K-12 Cybersecurity: 2019 Year in Review report by the K-12 Cybersecurity Resource Center.

Of the dozens of Texas ISDs on the map, the most often reported cybersecurity breach was due to the May 2017 discovery by the Texas Association of School Boards that school employee info (names, addresses, social security numbers, etc.) maintained under the association’s group insurance program had inadvertently been made viewable online.

The second most reported reason for an ISD being on the map was due to the November 2017 revelation by the Texas Department of Agriculture (TDA) that personally identifiable data of 700 students and their parents in 39 ISDs, charters and private schools had been compromised when malware was installed in a laptop assigned to a TDA employee without the employee’s knowledge.

The map also details the big-dollar cybercrimes targeting schools, including (in addition to the previously mentioned Crowley and San Felipe-Del Rio districts) email phishing schemes in Manor ISD ($2.3 million) and Henderson ISD ($600,000) — and the ransomware attack that resulted in Port Neches-Groves ISD paying its insurance carrier a $2,000 co-pay so that the insurer would pay the criminals $35,000 in bitcoin currency in order to get the district’s computer systems up and running again.

Many districts reported being victimized by email scams involving them being tricked into sending W-2 IRS files containing sensitive employee data to fraudulent email accounts.

There were also reports in a couple of districts that a contractor stored info on PSAT and AP student registrations on an unsecured server — and that students in the United and Spring Branch districts hacked into school computers to change grades.

New Laws
Due to the growing trend of cybersecurity breaches in Texas schools, the Legislature last session passed HB3824 HB3834 and SB820 that (among other things) require school employees with computer access to undergo cybersecurity training, for districts to report cyber breaches to the TEA and for each district to designate a cybersecurity coordinator.