The theft of information from the Manhasset school district computer system included sensitive and personal information about current and prior staff and students, including a "confidential memorandum" that some students have obtained and distributed, officials said.
More than a month after cybercriminals stole information and sabotaged the district's computer system, Acting Superintendent Gaurav Passi provided more details to the community about what was stolen and posted on the dark web.
"The intrusion into our network was deep, the files stolen were voluminous, and some files contain sensitive information regarding certain students and staff," Passi said in written communication to the school community. The information pertained to current and prior staff and students, he said.
Passi did not elaborate on the nature of the stolen information. He has declined several requests for an interview.
The district initially said the thieves stole Social Security numbers and driver's license numbers, which raised the prospect that people could suffer fraud and identity theft. The taking of personal information raises the stakes of the theft into the realm of potential extortion and public embarrassment.
Passi shared what he considered another disturbing development.
"Recently, we received troubling information that some Manhasset students were in possession of and were circulating a stolen confidential memorandum that the criminals posted to the dark web," he said in the written communication.
The hackers initially demanded an undisclosed ransom to unlock the information, but published the files to the dark web after the district refused to pay.
Shaun Pleickhardt, president of Synack Technology Services in Centereach, said he never recommends paying cybercriminals any ransom. Paying, he said, is no guarantee that the criminals will release the data, and they may still publish it to the dark web.
Pleickhardt said school districts and other potential victims need to have their computer systems protected and tested for vulnerabilities. Worker training is also important, since many places are hacked after a worker unknowingly opens an email containing ransomware.
"You could be locked down like Fort Knox, but if a user clicks the wrong thing," Pleickhardt said. "The human mind is the weakest link in all this."
The hack created weeks of havoc for district telephones and voicemail, Wi-Fi, the purchase system in cafeterias, and teachers’ access to lesson plans and tests, Passi said.
Passi said the district was able to restore the computer system from backup files. It was for this reason that the district did not pay the hackers' demand for money.
The hackers posted certain files to the dark web, the part of the internet accessible by means of special browsers, allowing users and website operators to remain anonymous, officials said. The district warned affected people to monitor their credit reports and financial account statements, and said they could enroll in complimentary credit monitoring.