Investigation underway into cybersecurity breach at Hillsborough County schools
HILLSBOROUGH COUNTY, Fla. - The Hillsborough County School District is the latest victim of a cybersecurity breach that has impacted some of the district's systems for several days.
An initial email about the cyberattack was sent to parents and staff late last week. In a follow-up message sent Tuesday, Interim Superintendent Van Ayres wrote that it doesn't appear any student data was accessed.
Read the statement from the superintendent below:
"The district’s monitoring systems effectively prevented widespread disruption. Additionally, we took offline a number of our network connected systems as a preventative measure. Over the weekend, our Information Technology Services division, along with external experts and consultants, worked tirelessly to restore full function to our core operational systems and collect additional data for further investigation. The forensic investigation continues as we determine more about how this incident occurred and identify what data, if any, was accessed from HCPS systems... At this point in the forensic review, we have no indication that there was any unauthorized access to data stored in our student information system."
Ron Sanders, the former staff director at the Florida Center for Cybersecurity, told FOX 13 that public entities like Hillsborough County Schools are often prime targets for hackers.
TRENDING: Bradenton man arrested after shooting into parking lot of funeral home following service, police say
"They have lots of what's called PII, [or] personally identifiable information," Sanders said.
The district said the FBI, FDLE and Hillsborough Sheriff's Office are all assisting with the investigation into how the intrusion happened and what, if any, systems were compromised.
Sanders said most hacks involving public school districts are done by current or former students or by criminals with malicious intent.
"Seventy-five or 80 percent of all hacks are the result of social engineering. That's a fancy way of saying they found somebody who's gullible, who clicks on the wrong kind of email or the wrong attachment, and they let a cyber criminal or malicious student...they let them in the system." he said. "They are tempting targets and I will tell you that, even if ransomware is involved, there is no such thing as honor among thieves."
The district hasn't said whether this was a ransomware attack. In an email to FOX 13, an FBI spokesperson wouldn't comment specifically about this case, but included a link to how the agency helps in ransomware situations.