Riverhead School District

Riverhead School District informs employees that staff data was compromised in cyber incident

The Riverhead Central School District informed its employees Sunday that staff data was compromised during an apparent cyber attack last week, the News-Review has learned.

The revelation came during a voicemail sent to district staff that stated the New York State Education Department was notified of the breach and the district is working with its insurance company to resolve the matter.

“Our technology department with assistance from technology consultants have been working diligently over the weekend to restore as much of our technology as possible in light of the recent cyber incident,” Sunday’s voicemail begins. “Currently, our staff Wi-Fi network is down. All desktop computers should remain off for now. The technology department is supplying clean computers in key areas as you continue to navigate and recover.”

The district did not specify what staff data was compromised.

The voicemail continues to inform staff that Outlook emails and files saved to the district network cannot be accessed and that cell phones can’t be connected to the district wi-fi network.

A separate instructional network is functioning, the district added.

The schools will be temporarily halting instructional staff observations as district officials continue to navigate the cyber incident, according to the voicemail.

District officials first alerted parents to “outages” with internet and email resources around 9 a.m. Friday and asked them to use the phone if they needed to contact the school district.

In an update posted to social media shortly after 2 p.m. Friday, the district said that a preliminary investigation revealed that the outage may have stemmed from a cyber breach and that they continue to experience outages.

District officials said Friday they contacted local police and Homeland Security to report the incident, which is still under investigation. Through a spokesperson, officials also said they can’t yet confirm or deny that this was a ransomware attack. That language was also not used in Sunday’s voicemail.

In ransomware attacks, school computer systems are slowed down or rendered inaccessible as ransomware actors steal or threaten to leak confidential data to the public unless paid a ransom to unlock the system.

Last December, the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center issued a joint report addressing the rise of cyber attacks on schools, including ransomware attacks and data theft that disrupted distance learning amid the pandemic.

“Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the report said.

Experts said that schools have become ripe targets for cyber crimes since they are data-rich with information about students and staff, which can be used for identity theft. The reliance on technology during the pandemic has also likely contributed to gaps in cybersecurity, leaving schools vulnerable.