The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children’s’ data that was allegedly stolen during a recent cyberattack.

CCSD is the fifth largest school district in the US, with over 300,000 students and 15,000 teachers.

On October 16, CCSD confirmed it suffered a cyberattack earlier this month, stating threat actors gained access to the district’s email servers.

“On approximately October 5, 2023, Clark County School District (“CCSD”) became aware of a cybersecurity incident impacting its email environment,” reads a statement from the Clark County School District.

“Upon discovering the incident, CCSD immediately engaged a team of forensic experts to investigate the incident and ensure that CCSD operates within a safe and remediated email environment. CCSD is also cooperating with law enforcement’s investigation.”

“Thus far, the investigation revealed that the unauthorized party accessed limited personal information related to a subset of students, parents, and employees. CCSD is working diligently to identify all individuals whose information was impacted by this incident.”

In response to the attack, CCSD disabled access to its Google Workspace from external accounts and has forced reset all student’s passwords.

Since then, things have taken a turn for the worse, with parents reporting they are receiving emails from the threat actors warning that their child’s data was leaked.

“I’m so sorry to tell you this but unfortunately your private information has been leaked. You should probably change your information in CCSD systems if that is possible,” reads an email titled “CCSD Leak” seen by the Las Vegas Review Journal.

“There are over 200,000 student profiles like this which have been leaked now by the hackers. Be careful out there. Don’t shoot the messenger!”

Emails sent to parents of CCSD students
Emails sent to parents of CCSD students
Source: Facebook

According to a report from KSNV News 3 Las Vegas, these emails include PDF files that contain students’ stolen data, including student photos, addresses, student ID numbers, and email addresses, 

Both students and parents are upset and scared that the threat actor has their data and could potentially use it for other malicious purposes, such as identity theft or further phishing attacks.

BleepingComputer contacted CCSD on Friday but did not receive a response as they were closed for the Nevada Day holiday.

SingularityMD hackers claim attack

According to a detailed report by DataBreaches.net, the hackers behind the Clark County School District breach call themselves ‘SingularityMD’ and have already begun to leak what they claim is the data for 200,000 CCSD students.

The threat actors contacted DataBreaches.net to share information about the attack, including a link to a “statement” that contains URLs for allegedly stolen data.

“We SingularityMD (the hack team), would like to make a statement for clarification. CCSD did not detect a security issue, we emailed them to tell them we had been in their network for a few months,” reads a note by the hackers on a code-sharing site.

“For 6 years they forced students to use their birthday as their password, resetting the passwords back to their birth date each year, they even prevented the students from securing their accounts.”

“We asked for less than one third of the Jesus F Jara’s annual salary in exchange for destroying the stolen data. The callousness and incompetence of the leadership at CCSD is astounding, not only did they not cooperate, it is clear they did not communicate with principals and have still not plugged their leaky ship, meaning we still have access to the network.”

This note contains links to leaked data archives hosted on dark web and clearweb sites, containing what the hackers claim is the personal data of 200,000 students.

This data allegedly contains student’s emails, birth dates, ethnicity, PSAT scores, health information, suspensions, incident reports, and other information.

The threat actors also leaked what they state are financial reports, staff salaries, and grant information from the district.

DataBreaches.net examined some of the leaked data and said it looks legitimate, but CCSD has not responded to their emails to verify if the data belongs to them.

However, parents who received some of the leaked data have already verified that the information belongs to their children, adding legitimacy to the leaks.

At this time, the threat actors claim to still have access to CCSD’s systems and have more data that they will leak if the school district does not pay an extortion demand.

“One final tip for CCSD, we will continue to cause trouble until you pay, or you finally kick us out of your network,” concluded the threat actor’s post.

BleepingComputer has been unable to verify if the attacker’s claims of still having access to CCSD systems are true.

Furthermore, it should be noted that SingularityMD is not related to the AI platform under the same name.

Source: www.bleepingcomputer.com