Lumberton ISD victim of international hacking group Rhysida

Lumberton ISD is investigating a mid-June cybersecurity incident in which 300 gigabytes of personal data were leaked Saturday by an international hacking group that also targeted Stephen F. Austin State University.

Ransomware group Rhysida claimed responsibility for the June 12 attack on SFA, telling Nacogdoches newspaper The Daily Sentinel in an email Friday that the group downloaded about 1.2 terabytes of data from the university’s network.

Rhysida subsequently announced plans to auction off other sensitive information harvested in the attack, according to The Sentinel. In doing so, the group revealed that it had “attacked” Lumberton ISD, claiming the district was “withholding information about the attack” and that it had downloaded 300 gigabytes of “amazing personal documents” from the district.

“We immediately launched an investigation and are working actively and diligently with the assistance of retained experts to remediate and restore operations as quickly as possible as well as identify the nature and scope of information that may have been involved,” the district said in a Monday news release. 

Eleven documents containing data from Lumberton ISD were leaked to The Daily Sentinel after the outlet reported on the SFA cyber attack, including two W-9 forms; three driver’s licenses; two social security cards; one passport; a substitute teacher application; and a list of names and what appeared to be hire dates, birth dates, genders and social security numbers, among other information.

The visible names on the driver’s licenses, social security cards and passport all appear to belong to Lumberton ISD employees, whose names are listed on the district’s website.

District Superintendent Tony Tipton on Monday did not confirm or deny that data containing sensitive information were stolen, but told The Enterprise via email that the district is “committed to notifying impacted individuals in accordance with our regulatory and legal obligations.”

Tipton said the district discovered the incident on June 13 and that the investigation is ongoing, adding that it was reported to the FBI and that Lumberton ISD “is committed to cooperating with any resulting investigation.”

“While we can’t comment on our internal cybersecurity system and countermeasures, I can say that we have acted quickly and decisively to hire experienced cybersecurity experts to assist with investigating the incident,” he said.

It is unclear whether Rhysida contacted the district before or after the attack with plans to auction off its data, as it claimed it would with SFA; Tipton said, “that part of the investigation is still ongoing.”

“Safeguarding and maintaining the confidentiality of our student and employee information remains our utmost priority,” he said. “We have invested significant time and resources into our computer systems and practices to ensure we are appropriately protecting confidential information.”

Tipton said the district will review its current processes and will take “additional steps to further harden our environment, as necessary.”

It is unknown at this time if any institutions aside from SFA and Lumberton ISD were targeted by Rhysida at the same time.

According to California-based cybersecurity company SentinelOne, the Rhysida group was first observed in May and “positions themselves as a ‘cybersecurity team’ who are doing their victims a favor by targeting their systems and highlighting the supposed potential ramifications of the involved security issues.”

The group has previously targeted the Chilean army, though overall, its campaigns do not appear to be specific, according to SentinelOne.

