The Alabama State Department of Education announced it had thwarted a ransomware attack on June 17, however, threat actors accessed some data and disrupted services before the attack was stopped.
Superintendent Eric Mackey, who disclosed the attack, said they are working to determine the exact scope of the data breach.
Mackey revealed that there is a possibility that threat actors gained access to some student and employee data, it also added that employee bank account and direct deposit information were not compromised because they are not stored on state servers.
“What I would say is to all parents and all local and state education employees out there, they should monitor their credit. They should assume that there is a possibility that some of their data was compromised,” Mackey said at a Wednesday press conference.
“We don’t know exactly what data was breached and we can’t disclose everything. But again, the attack on our system was interrupted and stopped by our IT professionals before the hackers could access everything they were after. That we know,” Mackey added.
Alabama State Department of Education is investigating the incident with the help of external experts.
Mackey believes that the attackers were financially motivated foreign actors.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, State Department of Education)