Thousands of victims of a San Benito school district security breach began receiving letters this week notifying them that hackers had stolen confidential data about two months ago, including their names, Social Security numbers and financial information.
Kroll Credit Monitoring is working with the district to respond to phone calls.
Around Nov. 1, the cyber extortion hacking group Karakurt’s breach of the district’s technology system led to the theft of 25,000 to 30,000 employees’ and students’ confidential information, Cameron County District Attorney Luis Saenz has said, adding that he was trying to determine whether former employees and students were also victims.
Meanwhile, district spokeswoman Isabel Gonzalez declined to disclose the number of letters the district mailed on Dec. 30.
Instead, she asked the Valley Morning Star file a public information request for the information including the number of letters the district mailed to current and former employees and students.
In her letter dated Dec. 30, district Superintendent Theresa Servellon told victims a district investigation found that “an unauthorized party intermittently accessed our network and a limited number of employee email accounts and took certain files from our servers.”
“San Benito CISD is writing to inform you of a data security incident that involved some of your information,” the letter states. “We then conducted a thorough review of those files and on Dec. 16, 2022, we determined that the files contained your name, Social Security number and financial information (account and routing numbers).”
Servellon stated the district was giving victims one-year memberships to an identity theft protection service to help them detect use of their stolen personal information.
Late last month, Saenz confirmed that Karakurt, a cyber extortion hacking group, had breached the district’s cybersecurity system.
Saenz, who said the incident marked the first time his office has investigated a school district’s cyber attack, described the breach as “a really sophisticated hack.”
Meanwhile, Servellon stated “San Benito CISD and certain members of its community have been subjected to a sophisticated cyber attack.”
“Karakurt actors have claimed to steal data and threatened to auction it off or release it to the public unless they receive payment of the demanded ransom,” the FBI and the Cybersecurity and Infrastructure Security Agency state on their websites. “Known ransom demands have ranged from $25,000 to $13 million in Bitcoin, with payment deadlines typically set to expire within a week of first contact with the victim.”
Last month, Sylvia Wood, a spokeswoman with the Texas Association of School Boards, declined to say whether the agency, on behalf of the school district, negotiated with the hackers in an attempt to stop them from distributing the district’s confidential information.
Meanwhile, attorney John Shergold has said Servellon suspended Todd English, the district’s technology director, for reporting the security breach to her and district Police Chief Juan Sosa on Nov. 3.
English, who discovered the breach on Nov. 1, also contacted the FBI, Shergold said.
Shergold said Servellon placed English on paid administrative leave on Nov. 15.
On Nov. 18, English filed a grievance, which led to a Dec. 9 district hearing whose findings are pending, Shergold said.
The district has denied English was suspended for reporting the security breach.
“Mr. English responded by filing an employee grievance against the district, which nonsensically implies that he was ‘retaliated against’ for reporting the incident to Chief Juan Sosa of the San Benito CISD Police Department,” Gonzalez stated in a response to Shergold’s comments. “As a matter of policy, the district generally does not provide specific information regarding personnel matters. However, given that Mr. English has shared his grievance publicly, the district feels compelled to unequivocally state that his fabricated accusations are wholly untrue and meritless.”
(c)2023 Valley Morning Star. Distributed by Tribune Content Agency, LLC.