Des Moines Public Schools, Iowa’s largest school district, has confirmed that a ransomware attack prompted the shutdown of all networked systems on January 9, 2023. While an unnamed ransomware group demanded a ransom, the school district has not paid it based on advice from cybersecurity experts and the best interest of the district and community.
The incident resulted in a data breach affecting almost 6,700 individuals, whose data will be disclosed to them this week. As a precaution, the affected individuals are offered complimentary credit monitoring services, along with information on placing fraud alerts and security freezes on their credit files.
The ransomware attack led to the cancellation of all classes for several days, starting January 10, as internet and network services were offline during the investigation. Des Moines Public Schools, with over 5,000 staff members and more than 31,000 students across 60 schools, emphasizes its commitment to not paying the ransom.
The incident follows a trend of ransomware attacks on educational institutions, with various Iowa school districts, including Cedar Rapids Community School District, Davenport Community School District, and Linn-Mar Community School District, being targeted last year. According to Emsisoft threat analyst Brett Callow, ransomware groups have targeted at least 37 K-12 school districts in the United States since the beginning of the year.
