- Hackers stole over $6 million via multiple cyberattacks where they gained access to the email of the New Haven Public Schools’ chief operating officer in late May, New Haven Mayor Justin Elicker announced during a press conference this month.
- Once hackers gained access to the Connecticut school district COO’s email, they impersonated both the head administrator and vendors to create fraudulent accounts by inserting themselves into email conversations, ultimately stealing the funds through six electronic transfers in June. The city has recovered $3.6 million of the stolen funds so far, according to Elicker.
- Four of the payments, totaling $5.9 million, were stolen from a school busing service, while another $76,000 was intended for the district’s legal services. Those responsible for the cyberattack are “unbelievably unethical to not only steal money from the public, but steal money from New Haven Public School children,” Elicker said.
The New Haven incident marks yet another example of the severe consequences for schools ensnared in cyberattacks — whether that means losing money or having sensitive student and staff information exposed.
New Haven Public Schools is not alone. Prince George’s County Public Schools in Maryland announced it experienced a cyberattack on Monday impacting 4,500 user accounts out of 180,000. Out of precaution, all users in the district’s network must reset their passwords. Further details have not been released.
Earlier this month, the White House and the departments of Education and Homeland Security released guidance and announced an array of public and private efforts to improve K-12 cybersecurity. At least eight school districts fell victim to major cyberattacks in the 2022-23 school year, according to the White House.
Los Angeles Unified School District Superintendent Alberto Carvalho said during a recent White House cybersecurity summit that after a ransomware attack hit his district at the start of the 2022-23 school year, he did not have a “Rolodex of influencers” or cybersecurity experts to go to during the district’s crisis.
“Have that Rolodex ready to call an individual who can help you manage a crisis, a situation that you yourself alone cannot manage,” Carvalho said. “You do not have the tools or the intelligence federal agencies have, and they can deliver big time very, very quickly.”
Jen Easterly, director of the federal Cybersecurity and Infrastructure and Security Agency, noted during the same White House gathering that schools are “target rich” yet lack resources to protect their sensitive data.
Nearly one year after the ransomware attack, LAUSD also plans to borrow over $166 million in a municipal bond offering to bolster its cyberdefense, according to Bloomberg.