Hackers Send Children's Data to Parents in Nevada After Breach
Hackers have reportedly exposed sensitive student data from the Clark County School District (CCSD) in Nevada. The breach, confirmed by CCSD on October 16, revealed that threat actors had gained unauthorized access to the district's email servers.
According to a report conducted by DataBreaches.net, the hackers, who identified themselves as “SingularityMD”, allegedly obtained the personal information of over 200,000 students, including student photos, addresses, student ID numbers, email addresses, student medical records, suspension, and attendance reports. In the wrong hands, this data could potentially expose the affected students to identity theft and other malicious activities.
In response to the breach, CCSD blocked external account access to its Google Workspace and forced a password reset for all students. The district is also reportedly collaborating with law enforcement, including the FBI. However, the response from CCSD has been met with criticism, particularly regarding the lack of transparency and clear communication with affected parties.
SingularityMD reached out to DataBreaches.net and shared a link to a statement containing URLs to what they claimed was stolen data. They alleged that CCSD had been unaware of their network presence for several months. The hackers criticized CCSD for its security practices, revealing that students were forced to use their birthdates as passwords.
The hackers also claimed to still have access to CCSD's systems and threatened to release more data if their extortion demands were not met. They concluded their statement with a warning that they would continue to disrupt the district until their demands were fulfilled or they were expelled from the network.
In addition, SingularityMD have purportedly sent emails to parents with children who were impacted by the breach, alerting them about the data leak and urging them to take necessary precautions. According to KSNV News 3 Las Vegas, the emails contain PDF files which hold detailed personal information of the parent’s children.
Cybersecurity experts have advised recipients to refrain from interacting with the hackers and to exercise caution regarding any links included in the emails.
Parents are also encouraged to be vigilant about online data sharing and to educate their children about cybersecurity best practices. Affected parents are urged to reach out to CCSD immediately if they suspect that their child's data has been compromised.