MONTGOMERY, Ala. – The Alabama State Department of Education was targeted in a cyber attack recently, Superintendent Eric Mackey announced Wednesday.
The attack was stopped by state internet security workers, but not before some student and teacher data was breached. Mackey said the department is investigating the scope of how much data was accessed and said he couldn’t comment publicly about the nature of it on advice from legal counsel.
“(The department) immediately began working with state and federal law enforcement, the Alabama Attorney General, the Alabama Office of Information Technology and an independent contractor known as an expert in anti-hacking response, to fortify our cyber defenses and to assess which data, if any, were compromised,” Mackey said at a news conference. “That criminal investigation is ongoing.
“Services have been restored, and additional cybersecurity protocols have been added to the system. When it is determined which data may have been compromised, notification will be made to relevant parties in full compliance with applicable notification laws and best practices.”
Types of data possibly breached could include personally identifiable information like names, addresses and Social Security numbers. Such information can be used in identity theft schemes. Mackey said he encourages all educators to monitor their credit just to be safe.
Financial information, such as credit card numbers or bank draft routing numbers, was not a part of this data breach, he said. Such information isn’t housed on the ALSDE system.
“We don’t have any bank information or routing numbers in our system, so it wouldn’t be possible for anyone to access that,” Mackey said.
Mackey said security staff was able to stop the attack before hackers were able to fully breach the department servers and re-encrypt the system in a way that would have allowed them to demand a ransom payment.
“Since our team was able to interrupt the hackers, keeping them from encrypting the server, they were unable to instigate a denial of service. All data have been restored using clean backups,” Mackey said. He added that ALSDE will not pay off hackers for any breached data on the advice of the FBI.
Mackey said he regretted he couldn’t share more information, but encouraged individuals and the media to visit the department’s landing page www.alabamaachieves.org/databreach or submit questions to [email protected].
“What I would say is to all parents and all local and state education employees out there, they should monitor their credit. They should assume that there is a possibility that some of their data was compromised,” he said.