Sensitive Data Breached in Highline Schools Ransomware Incident – Source: www.infosecurity-magazine.com

Washington-based Highline Public Schools has warned that highly sensitive personal, financial and medical data has been breached as a result of a 2024 ransomware incident.

The K-12 school district manages 34 schools containing around 17,500 students and 2000 staff in Washington state.

It has recently completed a forensic investigation into the September 2024 ransomware attack. This revealed that an unknown actor had “gained access to certain systems on their network and accessed certain files.”

The compromised data includes:

• Names, addresses, date of birth, social security numbers, driver’s license numbers
• Financial account information, passport numbers, employment information, digital signatures
• Medical information, health insurance information
• Student ID numbers, student records/demographic information, grade information

The school district noted that the type of data impacted varied by individual.

The investigation was conducted with the support of third-party computer forensic specialists.

“Upon becoming aware of this incident, the district immediately took steps to secure their systems and initiated a full investigation. Additional security measures are being implemented to further protect against similar incidents moving forward. This incident was also reported to federal law enforcement,” the school district wrote in a notice dated April 2.

Highline urged impacted individuals to remain vigilant against identity theft by regularly reviewing their account statements and credit reports. The district is also offering free credit monitoring and identity protection services for 12 months to individuals in the Highline community.

Read now: Schools Face Million-Dollar Bills as Ransomware Rises

Ransomware Attack Forced Schools Closure

The attack was discovered on Saturday, September 7, 2024, and critical systems were immediately isolated. The district closed down all its schools and activities for three days, until Thursday, September 12.

This included cancelling the first term date at kindergarten for the 2024/2025 school year.

Network systems remained disrupted until October, when all student and staff devices were re-imaged.

In early October, Highline confirmed the incident was ransomware related.