Over the weekend, two Maine public school districts experienced cybersecurity breaches. South Portland Public Schools took proactive measures after detecting a network break that threatened student data. The breach, which originated from an IP address in Bulgaria, prompted the district to shut down its internet network on Sunday. The school’s cybersecurity service, Blue Spruce Technologies, quickly identified the intrusion and alerted the district, allowing them to halt operations and assess the damage. Although the breach did not have lasting impacts, the school district remained cautious, ensuring that sensitive data like financial systems and human resources data were unaffected, as they are stored offsite.
The breach appeared to be part of a broader attempt to find vulnerable networks rather than a targeted attack. Director of Technology Andy Wallace stated that the hackers likely sought weak spots in various networks, not specifically targeting the school. Despite the alarming intrusion, the incident didn’t result in the exfiltration of sensitive personal data. As a precaution, Wallace emphasized that the district’s firewall triggered an alarm, halting further access before any serious harm could be done.
Meanwhile, another breach occurred in the Maine School Administrative District 51 which includes Cumberland and North Yarmouth. A student’s email account was compromised, and an unknown attacker used it to send a phishing email to around 1,400 district accounts. The email contained a link to a remote job offer, asking recipients to provide personal information. While most of the messages were filtered as spam, the district took immediate action and referred the incident to local authorities. The police department was informed of the potential threat, and school resource officers began investigating the incident.
Despite the two breaches, both school districts resumed normal operations, with schools remaining open as scheduled. Internet services were restored, and security systems continued to function. Both districts used the incidents as an opportunity to re-educate staff and students on how to recognize phishing attempts and improve awareness around cybersecurity threats. While the two breaches were separate in nature, both highlighted the vulnerability of educational institutions to online threats and the importance of timely responses to mitigate damage.
Reference:
