Hackers stole information and sabotaged the Manhasset school district computer system, demanding a ransom the district refused to pay before publishing to the dark web files containing people's Social Security numbers and drivers license numbers, officials said.
The computer hack occurred Sept. 14, and officials, out of caution, said they temporarily shut down the district's network. The damage caused havoc for district telephones and voicemail, Wi-Fi, the purchase system in cafeterias, and teachers’ access to lesson plans and tests, Acting Superintendent Gaurav Passi said.
"Our district was the victim of a criminal enterprise, and we understand how upsetting this is for our community," Passi said in a written communication to parents and staff.
Passi said the district was able to restore the computer system from backup files. It was for this reason that the district did not pay the hackers' demand for money, the amount of which he did not disclose.
But the hackers posted certain files to the dark web, the part of the internet accessible by means of special browsers, allowing users and website operators to remain anonymous, officials said.
The district warned affected people to monitor their credit reports and financial account statements, and said they could enroll in complimentary credit monitoring.
Passi has kept the school community abreast of the issue through a series of six written communications since Sept. 14. He initially described the problem as a "network disruption incident." On Oct. 8, his message noted the presence of ransomware and the threat of stolen data.
"Unfortunately, we are one of the latest victims in this growing trend which has targeted other school districts, hospitals, and municipalities, as well as private businesses across the country," Passi wrote to parents and staff.
The superintendent's note did not specify whose information was stolen, whether it was staff or students, or both. The district's public relations firm, Syntax, also did not respond to questions.
Passi declined a request for an interview.
In 2019, the Rockville Centre school district paid almost $100,000 to restore its data after being hacked with a ransomware virus that encrypted files on the system’s server until payment was made to unlock the information.
The district was among several statewide targeted by a ransomware virus that encrypts data, essentially locking users out of access to their files. Mineola's server was corrupted by the same ransomware, known as "Ryuk," but the district said it did not have to pay a ransom to unlock data because it had everything backed up offline.
Manhasset district officials said they have notified law enforcement and the state Education Department's chief privacy officer. They also said cybersecurity experts are investigating the hack.
Passi said officials restored phone service on Sept. 18. Officials distributed hot spots in the main, attendance and health offices in each building, so that faculty and staff could access district emails.
On Sept. 25, the district installed additional anti-malware software, which enabled teachers to use their district laptops. In the cafeterias, food workers had to maintain manual records of each student purchase.
By Oct. 1, Wi-Fi was up and running again, but teachers still could not access lesson plans and tests they had saved, officials said.
"The district takes data security very seriously, and we are implementing several additional measures to enhance our security in an effort to prevent an incident like this from reoccurring in the future," Passi said on Monday in a communication to parents and staff.