In October 2023, a school district experienced a data breach, with unauthorized access to its email environment and the personal information of various individuals. The attackers claimed to have ongoing access to the network and demanded a payout to delete the stolen data. The district engaged forensic experts to investigate and address the issue, working to identify and notify those affected.

How many accounts were compromised?

The breach impacted data related to more than 200,000 students and an unspecified number of employees.

What data was leaked?

The data exposed in the breach included contact information, email addresses, student ID numbers, addresses, Individualized Educational Programs (IEPs), psychological evaluations, and salary data.

How was CCSD hacked?

Hackers breached the Clark County School District's system by initially compromising a student account using the student's date of birth and email address found on social media. They then exploited poorly configured Google Groups and Google Drives to escalate their access from the student level to the teacher and systems level, eventually accessing the district's Infinite Campus system. The exact details of the configuration flaws and how the hackers navigated the systems remain unclear.

CCSD's solution

In response to the hacking incident, CCSD implemented several enhanced security measures to protect its systems and prevent future breaches. These measures included a global password reset for all users, updating Google security settings, and strengthening login credentials. Additionally, CCSD collaborated with cybersecurity specialists to review the situation and continued to enhance login protocols and other security measures. The district also worked closely with law enforcement and forensic experts to investigate the incident, identify affected individuals, and review existing policies and procedures to implement additional safeguards. The exact nature of the collaboration with law enforcement and forensic experts remains unclear.

How do I know if I was affected?

CCSD reached out to affected users to notify them of the breach. If you are a CCSD student, parent, or employee and have not received a notification, you can visit HaveIBeenPwned to check if your credentials were affected.

What should affected users do?

In general, affected users should:

• Change Your Passwords: Immediately update your passwords for all affected accounts. Make sure the new passwords are strong and unique, not previously used on any other platform.

• Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

• Enable Two-Factor Authentication (2FA): Activate 2FA on your accounts whenever possible. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

• Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized access or transactions to the appropriate parties.

For more specific help and instructions related to CCSD's data breach, please contact CCSD's Help Desk directly.

Where can I go to learn more?

For more information on the CCSD data breach, check out the following news articles:

• Hackers Hit School District in Clark County, Nev

• Exclusive: Hackers claim they still have access to Clark County School District

• Minneapolis Schools Say Data Breach Affected 100,000