Pro Blog | PK Tech

Largest School District in Southern Arizona Hit by Cyber Attack #ITCouldBeWorse 

Written by Megan Schutz | July 2, 2023

It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. At PK Tech, our goal is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware – without being afraid – of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity. 

This month we’re highlighting the largest school district in Southern Arizona, Tucson Unified, that was hit by a cyber attack earlier this year that completely shut down their systems. What happened, what was the fallout, and why should you care? 

We’re covering it all here. Let’s dive in.

What the “Hack” Happened? 

In January of 2023, the Tucson Unified School District was hit by computer hackers who then held its data hostage. Staff arrived at the school on a Monday in January to find a letter on their printers. The letter stated that the school’s system had been hit by Royal ransomware, and the district’s data was allegedly encrypted and copied.

Hackers also claimed the district’s data was allegedly copied and published online where it would be visible to everyone. 

Initial reports said that the ransomware attack likely could have spread through Tucson Unified School District’s system by a staff member unknowingly clicking an untrustworthy link.

The Fallout

The immediate fallout from the ransomware attack forced the entire Tucson School District to work offline. The district sent an immediate email and voicemail to district staff and families informing them that a cybersecurity incident had occurred, causing its network services and internet to be taken offline while the incident was investigated.

Despite attempts by the district to assure students and teachers that sensitive data wasn’t stolen, it later came out that troves of data, including Social Security numbers, showed up on the dark web. Cybercriminals made off with gigabytes of files containing tens of thousands of current and former employees’ Social Security numbers and other confidential records. 

Hackers then uploaded the information to the dark web in February for anyone to access with an easily downloadable browser. As recently as April 17, the data was still accessible online.

Lessons Learned #ITCouldHaveBeenWorse

While everything for the Tucson school district was put on hold–or technically “offline”-instruction could continue, just old school style (no pun intended). Teachers turned it into a lesson on how it was before the internet. This was arguably a positive for today’s elementary-aged generation, also referred to as Generation Alpha, who has grown up knowing nothing without technology at every turn.

While threats came from the ransomware gang saying they planned to use the data maliciously, the most malicious thing they did was leak the data online–not exactly a good thing, but still, it could have been worse. 

In light of this, the Tucson School District is left in the wake of an attack that could have been even more detrimental–and created a great time to focus on safe practices to ensure it doesn’t happen again. As teachers look to focus on student instruction and likely less on their cybersecurity practices, we love the easy-to-remember SLAM method to avoid clicking on possible phishing or malicious links.

As we like to say #ITCouldBeWorse