School tight on details
By James Card
The Waupaca School Board convened a special meeting on Thursday, May 30 to discuss what the school has referred to as the recent “internet disruption.”
On May 13 the school district’s computer systems crashed. The WiFi was down, the phones and printers were down, the phone system did not work and students could not log into their Schoology portal. Even the bell system that rings for the end of class periods was dysfunctional.
Board members Steve Klismet, Lori Verhalen, Molly McDonald and Betty Manion were the only ones present. There were a handful of school administrators in attendance.
The first part of the meeting was a closed session for “deliberating or negotiating regarding public business including negotiations and bargaining regarding claims made to the district regarding internet issues.” The closed session lasted a little over an hour.
The second part of the meeting was reconvened into an open session where the board voted unanimously to authorize the district’s core team to take action to “complete the transactions related to resolving the May 13, 2024 network disruption, and any actions taken by the Core Team prior to the date of this resolution, which would have been authorized by this resolution but for the fact that such actions were taken prior to such date.”
The Core Team is composed of school district employees who are handling the computer system malfunction.
Klismet presided over the meeting. When asked by the Waupaca County Post if the school system was hacked and being held for ransom he replied, “At this point we’re limited to what we can say.”
When asked by the Post if any student’s personal data has been compromised, Klismet replied, “At this point we are limited to what we can say.”
When asked by the Post what law enforcement agencies were involved, Klismet replied that the board was not privy to some information.
Suspicious activity
The next day on May 31, Ashlee Trzebiatowski, the school’s system analyst, sent an email to the parents of the students:
“We are writing to notify you of a recent event that impacted our school district’s network systems. On May 13, 2024, the district became aware of suspicious activity causing a disruption within our computer network. The district immediately began an investigation with the assistance of third-party cyber security and network specialists to determine the nature and scope of the activity, confirm its impact on our systems, and to restore functionality to our network. We also provided notice to federal law enforcement as well as relevant state regulators, as required. Through the investigation, we determined that an unauthorized actor did gain access to our network causing the service disruption. Further, we confirmed that no student or parent information was impacted by this event.
“We take the confidentiality, privacy, and security of information in our care seriously. As part of this ongoing commitment, we are reviewing our existing policies and procedures, and implementing additional technical safeguards. Throughout this disruption, our building entrances remained secure and we were able to continue with in-person learning.
“While our technology networks and security systems are up to date, unfortunate events like this happen. And while our desire was to communicate this information to families sooner, protecting the integrity of the investigation limited us in sharing information.
Soft-target schools
Ransomware attacks are one the rise in Wisconsin and across the nation. The school districts of Janesville, Neenah, Middleton, Kenosha, Elmbrook, Adams-Friendship and Tigerton have been hacked.
This was predicted in a 2020 white paper published by the Wisconsin Legislative Reference Bureau, titled, “Ransomware Attacks: Lessons for Wisconsin State and Local Government.”
“Public institutions often have computer systems that are easy to attack. Governments and schools with limited budgets tend not to keep up with all of the latest, often safer, technology trends. As a result, these institutions might be running older computers and software that do not have built-in protection for newer and more sophisticated malware threats. Rigorous security processes could mitigate much of the risk of the older systems, but public entities often spend less than the commercial sector on the IT staff that would implement those processes,” wrote author Staci Duros.
Minneapolis hack
The largest targeted attack in the upper Midwest was the hacking of the Minneapolis Public School District. Student and school employee information was held for ransom: medical records, truancy, grades, Social Security numbers and private behavioral information such as abusive family environments, psychiatric problems, sexual incidents and suicide attempts.
The school district refused to pay $1 million ransom so the hackers dumped the personal files of 36,000 students online and onto the dark web.
According to a 2023 report by the Associated Press, the district did not inform the parents of their child’s private information getting hi-jacked. There is no federal law that requires them to do so.
“Despite parents’ and teachers’ frustration, schools are routinely advised by incident response teams concerned about legal liability issues and ransom negotiations against being more transparent,” wrote the AP reporting team.
The Minneapolis school officials referred to their attack on Feb. 17 as a “system incident” and “technical difficulties.”
When the Neenah School district was hacked on Jan. 10, 2002, it was not known if the district paid the ransom or not.
Appleton Post-Crescent reporter Duke Behnke looked into it and concluded, “A lot is unknown, at least publicly, about the Jan. 10 ransomware attack that disabled the school district’s internet, phones, email and other information technology, resulting in a two-day shutdown of schools.”
Behnke noted that the school’s communication manager declined to say if anything was paid by the school or its insurance company.
