Officials with Prince George’s County Public Schools say some data stolen in a ransomware attack earlier this month could be posted online — and the Maryland school system will now be offering credit monitoring and identity theft protection services.
“We have worked diligently to restore our systems to operability as quickly as possible, and we are investigating the incident with outside cybersecurity and forensic specialists. However, we have learned that some personal information may be released online by those responsible for the cyber attack,” new Prince George’s County Public Schools Superintendent Millard House said in a message to the school community members on Saturday.
School officials said the system still does not know the full extent of the material that has been potentially compromised.
House’s message said the stolen data includes “identification details,” but other than that, “we do not yet know the full extent of the information relating to you, or to others, that may be affected.”
He said the school system, working with outside experts, will be taking steps to perform a “detailed review of all data that may have been compromised to identify any sensitive information impacted by this event” and will then begin notifying those affected.
That review is expected to take several weeks.
Credit monitoring and identity theft protection services will be provided by Experian. In addition, starting Saturday, the school system urged members of the school community to check their financial statements and accounts.
Last week, the school system first revealed its network had fallen victim to a “cyberattack” affecting about 4,500 user accounts out of 180,000 total. Most of them were staff accounts.
The school system said it didn’t appear student information systems were affected by the data breach.
In an interview with WTOP last week, Andrew Zuckerman, the chief information and technology officer for the school system, said officials still hadn’t pinpointed the “root cause” of the breach.
In the message Saturday, the superintendent said the “ransomware attack” was similar to those experienced by school districts across the country.
