| Notification Date | June 15, 2023 |
| Target | Lebanon School District |
| Incident’s Location | Lebanon, CT. United States |
| Initiator | Unknown |
| Attack Vector | Ransomware |
| Impact | Not yet determined |
The Lebanon School District has fallen victim to a ransomware attack that occurred earlier this month, as disclosed by outgoing Superintendent Joanne Roberts. In response to the attack on June 15, the district promptly engaged external cybersecurity experts to assess the situation, secure its systems, and investigate the scope and nature of the breach.
Some systems, such as payroll and PowerSchool, used for managing student information, were temporarily shut down as a precautionary measure. Despite maintaining a robust data security program, the district acknowledged the increasing sophistication of cyberattacks across various sectors, including education.
The ongoing investigation, led by both the school district and law enforcement agencies, has not yet found evidence of unauthorized acquisition or misuse of personal information.
The district, which serves around 1,600 students and employs 360 staff members, took swift action to inform affected parties, including staff, parents, and relevant authorities. The incident has also been reported to the district’s insurance carrier and the U.S. Department of Education.
Lebanon Police Lt. Richard Norris, overseeing the cyber crimes unit, stated that the department is working closely with the district and its insurance provider to delve into the attack. While there was an initial demand letter that didn’t seek money, no second demand letter has been received so far.
Lt. Norris mentioned that the department is actively monitoring the “dark web” for signs of malicious use of the data gathered from the attack. If any evidence is discovered, the school district will be promptly notified. Norris indicated that such ransomware attacks are often accompanied by the removal of data from compromised systems.
Although the Lebanon Police Department might not be aware of other local ransomware victims, Norris highlighted that such attacks and attempts to breach computer systems are unfortunately common occurrences.
