- A hacker published grades and personal information of thousands of Las Vegas students after school district officials refused to pay a ransom in exchange for the information.
- The leaked information included students’ names, social security numbers, addresses, and some financial information, and were published on an online hacker forum this week, a cybersecurity analyst told Business Insider.
- Las Vegas’ Clark County School District announced earlier this month that some of its files were compromised by a hacker using ransomware and that law enforcement was investigating.
- Visit Business Insider’s homepage for more stories.
Last month, Las Vegas’ largest public school district announced that a hacker compromised some of its files using ransomware and was holding the files hostage while demanding a ransom payment.
Now, a hacker has published files containing students’ grades and personal information after school district officials refused to pay the ransom.
Brett Callow, a threat analyst with cybersecurity firm Emsisoft, told Business Insider that he discovered leaked documents published to an online hacking forum that purported to include records from Nevada’s Clark County School District, including students’ names, social security numbers, addresses, and some financial information. Callow’s findings were first reported by The Wall Street Journal on Monday.
A Clark County School District spokesperson did not immediately respond to a request for comment. The district previously disclosed that it suffered a ransomware attack during its first week of online classes and said law enforcement was investigating.
Ransomware attacks have increased in recent years, and schools have been increasingly targeted this fall as more classes and sensitive files have moved online. At least 60 school districts and universities in the US have been targeted by ransomware attacks this year, according to an Emsisoft tally.
The attacks put targets between a rock and a hard place, forcing them to choose whether to pay hefty ransoms to criminals or to risk people’s personal information being leaked online. Cybersecurity experts and law enforcement agencies — including the FBI — say targets should avoid paying ransom at all costs in order to put hackers out of business.
“Ransomware attacks happen for one reason, and one reason only: they’re profitable,” Callow told Business Insider. “The only way way to stop them is to make them unprofitable, and that means organizations must stop paying ransoms.”