Rochester Public Schools says data was breached

After identifying suspicious activity in its technology systems late last week, Rochester Public Schools confirmed that an “outside actor” had gained access to data in its system.

“Earlier today, we confirmed that an outside actor has gained access to some school district data. Please know, as of now, we have no evidence that any data associated with this event has been used for financial fraud or identity theft,” district officials wrote in a letter sent Monday to parents of students in the school system. 

“As our investigation continues, as a best practice, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis. We will be in contact with affected individuals whose data was accessed as soon as we are able.”

The district stopped short of saying what data was accessed or for how long the district will be operating with limited internet and technology. 

The district cut itself off from its computer network late last week after it identified what it characterized as “irregular activity” in a letter to district parents late last week. 

Over the weekend, the district said it was canceling classes Monday to give teachers time to plan lessons without internet access. Students are scheduled to be back in class Tuesday. 

“Our technology staff have since been working non-stop with third party experts to investigate and address this situation,” the district said in a statement.  

Schools rely heavily on the internet for reasons that go beyond teaching, said Doug Levin, director of the K-12 Security Information Exchange, a national non-profit organization focused on protecting schools and state education agencies from emerging cybersecurity threats.

“It may also control things like the bell schedule, the communication systems between the school district and at home. And it may actually also be connected to any physical security systems in the building,” Levin said.

Levin said the Rochester situation fits a pattern of cyber attacks against school districts his organization is seeing multiple times a week, around the country, including a recent ransomware attack against Minneapolis Public Schools.

That hack resulted in student data being posted online. Minneapolis did not cancel schools during its investigation into the hack.  

“Increasingly, when a school district is a victim of a ransomware incident, they've had to shut down for one or more days as they go through their recovery process,” he said. 

Levin said school districts are increasingly the victim of cyber attacks because they often manage large amounts of money, collect troves of personal information about staff and students, and have weak cybersecurity systems.

Other school functions, including before-and-after-school care, sports and extracurricular activities will operate as usual.