Ransomware Attack Leads To Breach Affecting 700 Students In 39 Texas School Districts

As schools become more connected, the risks of hacking and data theft continue to grow.

By Alexandra HartDecember 20, 2017 10:39 am,

Recently, multiple school districts in north and northeast Texas were notified by the Texas Department of Agriculture that they were likely exposed to a data breach. The warning estimates that personal information of some 700 students across 39 districts could have been leaked when an employee’s state-issued laptop was hit with a ransomware attack.

The department, which runs the school breakfast and lunch programs, says that right now there’s no indication that that data has been used fraudulently. But even as of late last week, days after the original notification was made, schools are still looking for answers.

Doug Levin, the founder of EdTech Strategies, a consulting group that focuses on technology in education, says the kinds of data exposed in this hack could include information about students and families, as well as school employee information.

“This is information that criminals use to open fake identities, and compromise the identities of those involved in schools,” Levin says. “And they use that information to steal public resources.”

As schools become more connected to the Internet, they are increasingly attractive targets for data thieves, Levin says.

After the recent breach, school districts said they received little additional information from the Department of Agriculture. Levin says that has to do with disclosure requirements “that differ from place to place,” Levin says. “It can be a little bit tricky if you’re not a technical expert to understand the scope of what happened, and to understand what might have been stolen or what might be done with that information.”

Levin says schools can limit the impact of leaks by ensuring that technology and software is up-to-date. Students and employees should also do a better job securing their account passwords, he says. School tech personnel can help by training technology users on how to avoid “phishing” emails and other attempts to steal data by tricking computer users.


Written by Shelly Brisbin.