Last month, hackers tried to extort the North Texas school district for millions of dollars — a demand that school officials rejected. Then on Monday, after Allen ISD refused to cough up the money, the thieves emailed parents, employees and students saying they’d publish their stolen personal information online, according to NBC-DFW.
“Staff and parents of Allen ISD, Howdy!” the email read, according to that outlet. “We give you five days to collect money."
Allen ISD spokesman David Hicks didn’t return the Observer’s request for comment by publication time, but he told NBC-DFW that the district doesn’t plan to pay. As of now, there's no proof to back up the group's claims.
Hackers have been making international headlines in recent months with a slew of high-profile attacks.
Some working under the Anonymous banner leaked data from controversial web hosting company Epik, according to The Daily Dot. The leak reportedly includes data linked to the state’s GOP, including “private documents.” Last month, after the state’s abortion ban took effect, Anonymous also appeared to have hacked into the Republican Party of Texas’ website.
Schools in particular seem to be among hackers’ favorite targets, and Allen ISD isn’t the only Texas district that was purportedly breached over the past year.
Located roughly 70 miles from Dallas, Athens’ school district had to delay the start of the 2020 school year because of a ransomware attack.
Earlier this fall, Dallas ISD contacted federal law enforcement after learning of a data security incident that exposed the personal information of parents, alumni, employees and students. On its website, the district noted that despite its best efforts, it’s now one of an increasing number of private and public organizations falling victim to such hacks.
Dallas ISD went on to say that as of now, the affected data appears to have been contained and avoided being sold or shared.
It’s a problem also plaguing other school districts nationwide. As of February, 1,180 cybersecurity-related incidents have been reported in U.S. public schools and districts since 2016, according to the online database K-12 Cybersecurity Resource Center, which chronicles attacks on school districts.
Hackers frequently target school districts because they’re in a unique position to capture a lot of sensitive information, said Dr. Jose Lineros, a clinical assistant professor in the University of North Texas’ accounting department. On top of Social Security numbers and home addresses, they can snag medical records.
“We have to take this very seriously, just like we take the threats of hurricanes and terrorist attacks seriously." - Dr. Bhavani Thuraisingham, cybersecurity expert
In August, the Denton Record-Chronicle reported that a data breach in Denton County exposed hundreds of thousands of public health records, including birth dates, email addresses, residents’ names, phone numbers and coronavirus vaccination details.
Still, parents who receive threatening emails from hackers shouldn't respond because there's a chance that the hackers are bluffing for Bitcoin or other remuneration, Lineros said. Instead, parents should contact their school district and then if need be, the FBI.
It used to primarily be giggling 13-year-olds in the basement who'd hack into systems to see if they could change their grades, Lineros said. But nowadays cyberattacks are increasing because hacking is going professional.
Now, it's more like the old expression “follow the money,” he said.
“The money and the potential selling of this information on the dark web has gotten more and more lucrative,” Lineros said. “It’s gotten commercialized to where a lot of even organized crime is starting to hire black hats, they call them — people who work on trying to harm systems.”
Some online attackers like to target organizations such as school districts and hospitals, said Dr. Bhavani Thuraisingham, a computer science professor at the University of Texas at Dallas. The more destruction hackers can cause, the more satisfaction they get because they want to cause harm.
But the reason such attacks keep happening is that people aren’t being careful, said Thuraisingham, who’s also the founding executive director of the Cyber Security Research and Education Institute. It’s important that everyone practice the proper “cyber-hygiene” to make sure computer systems are as secure as possible.
Even carelessly clicking on the wrong link can allow a hacker to break in, she said.
“We have to take this very seriously, just like we take the threats of hurricanes and terrorist attacks seriously,” Thuraisingham said.
Many companies haven’t done enough to back up their information, she added: “We’ve got to be continuously vigilant.”