Hackers post online thousands of Broward schools files, including student, teacher info

Hackers who broke into Broward County Public Schools’ computer system last month made good on their threat this week to release thousands of files that they stole from the district.

The group, known as Conti, published almost 26,000 files on its website. The site warns the other businesses and organizations the group targets that unless they pay ransoms, their files, which may contain personal information, will be released as well.

The files, which dated from 2012 to March of this year, did not contain Social Security numbers, but did include a few cases of confidential student or faculty or staff data, according to the Sun Sentinel.

“If you are a client who declined the deal on cartel’s website or did not find valuable files, this does not mean that we forgot about you, it only means that data was sold and only therefore it did not publish in free access,” the group states on its website.

The school district posted a statement on its website saying that so far, outside investigators it’s hired have not found any indication that student or employee personal data has been compromised.

“If the investigation uncovers any compromised personal data, the District will provide appropriate notification to those affected,” the statement reads.

The district has contacted law enforcement and said in a statement released to the media Tuesday that it, with the help of its hired cybersecurity experts, “has implemented a plan to analyze the content to determine what further action is necessary.”

The breach is still under investigation, the statement continued.

When the hackers breached the school district’s system in early March, they first demanded $40 million, but then said they’d accept $10 million, according to a transcript of text messages between Conti and an unidentified employee. The Miami Herald viewed screenshots of the transcript.

The district told the Herald last month that it had no intention of paying the ransom. It hired a cybersecurity firm to investigate the breach and to try to get back its files.

Brett Callow, a threat analyst with New Zealand-based cybersecurity firm Emsisoft, said Conti are “experienced extortionists” who’ve released data they’ve stolen from almost 300 other organizations.

“That info that is released in these cases can be very sensitive. For example, in one recent case involving a school district, the hackers published details of alleged sexual assaults by/against named individuals,” Callow said in an email. “Things like this are really, really bad. If your financial information leaks, you can fix your credit; when stuff like this leaks, there’s no way to fix it. Once it’s out there, it’s out there.”

Callow said hackers get into organizations’ computer systems either by tricking an employee into opening a link contained within an email, or because the organization has an improperly secured internet-facing server.

“It’s about 50/50. In these cases, the hackers attempt to delete or encrypt the target’s backups,” Callow said. “If they fail, the organization can use the backups to recover its systems. If they succeed, the organization’s only option is to lose its data or pay the ransom.

“But, of course, in either case, they still have the problem of the stolen data.”