LAS VEGAS (KLAS) — Two cyber security companies confirmed to 8 News Now that the information a hacker stole from the Clark County School District last month is now published online. These published documents include students and staff’s private information.
Anyone can download the four files, and some of the documents go back years.
Resecurity, a cyber security company that partners with UNLV for research projects, says the hackers stole the data then likely threatened to release it if they weren’t given money.
The info, now online, includes names of employees and social security numbers, as well as names and addresses of students, according to cybersecurity company Emsisoft.
This action by hackers is a crime and Resecurity CEO Gene Yoo says it could affect students.
“Their identity and information will forever start from whatever age they are,” Yoo said.
He notes that everyone should monitor their credit, look at passwords and make sure all your personal information is secure.
CCSD notified families about the ransomware in August, but didn’t reveal what exactly was taken, except that it involved current and former employees names and social security numbers. The district released this statement.
Clark County School District released the following statement Monday morning:
“National media outlets are reporting information regarding the data security incident CCSD first announced on Aug. 27, 2020. CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement. The District is unable to verify many of the claims in the media reports. As the investigation continues, CCSD will be individually notifying affected individuals.”CCSD
8 News Now spoke with Brett Callow, a threat analyst for cybersecurity company Emsisoft, says the sensitive data was released because CCSD would not pay a ransom.
“If an organization pays, the criminals pinky promise to destroy the stolen data,” he said. “These attacks happen for one reason and one reason only: they’re profitable. The only may to stop them is to make them unprofitable, and that means organizations must stop paying ransoms. CCSD is to commended for taking a stand.”
Callow said there are about 15 known ransomware groups that routinely steal data.
“In 2019, 89 districts and universities were impacted by ransomware. So far in 2020, 60 have been, with the attacks disrupting education at up to 1,235 individual schools.”
Callow said that he believes ransom payments should be banned.